Have you ever visited a web page on your own or a borrowed computer and the site looked like this?
Chances are the computer in question is infected with at least one ad injector.
Last week, Google’s Online Security Blog posted an article talking about the hunt on ad injectors. They are programs designed to insert new ads into a web browser or to even replace existing ads that show up on web pages. One of the most common ways to get an ad injector is via software “bundles” where additional programs are typically paired up with an application that the user actually wants to install. A recent example of this is the Superfish incident with Lenovo.
Google Chrome extensions in particular are a way that ad injectors can find their way onto computers. The article has mentioned that at about 200 of them have been exposing approximately 14 million users to these ads. About a third of Chrome extensions that inject ads have been classified as malware in a study that Google researchers conducted. With this study more than 5% of people visiting Google sites have at least one ad injector, within this group half have at least two and a third have at least four installed. While this may appear to be a small statistic the number of users of the Chrome browser still makes this a problem that had to be addressed. May 1st, aresearch article will be released which examines the ad injector ecosystem in depth.
The primary ways that Google is addressing this issue is via updating the Terms of Service for Chrome extensions, and also improving the methods of detecting extensions that employ the same or similar behavior to the previously caught ad injectors. Users should be cautious when installing extensions and should always confirm that everything in software bundles is wanted, actions that should be done by users regardless.