Ad injection at scale: Assessing deceptive advertisement modifications

Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab

    Research output: Chapter in Book/Report/Conference proceedingConference contribution


    Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.

    Original languageEnglish (US)
    Title of host publicationProceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Number of pages17
    ISBN (Electronic)9781467369497
    StatePublished - Jul 17 2015
    Event36th IEEE Symposium on Security and Privacy, SP 2015 - San Jose, United States
    Duration: May 18 2015May 20 2015

    Publication series

    NameProceedings - IEEE Symposium on Security and Privacy
    ISSN (Print)1081-6011


    Other36th IEEE Symposium on Security and Privacy, SP 2015
    Country/TerritoryUnited States
    CitySan Jose


    • ad fraud
    • ad injection
    • web injection

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Software
    • Computer Networks and Communications


    Dive into the research topics of 'Ad injection at scale: Assessing deceptive advertisement modifications'. Together they form a unique fingerprint.

    Cite this