Ad injection at scale: Assessing deceptive advertisement modifications

Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.

    Original languageEnglish (US)
    Title of host publicationProceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages151-167
    Number of pages17
    Volume2015-July
    ISBN (Print)9781467369497
    DOIs
    StatePublished - Jul 17 2015
    Event36th IEEE Symposium on Security and Privacy, SP 2015 - San Jose, United States
    Duration: May 18 2015May 20 2015

    Other

    Other36th IEEE Symposium on Security and Privacy, SP 2015
    CountryUnited States
    CitySan Jose
    Period5/18/155/20/15

    Fingerprint

    Ecosystems
    Websites
    Profitability
    Pipelines

    Keywords

    • ad fraud
    • ad injection
    • web injection

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Software
    • Computer Networks and Communications

    Cite this

    Thomas, K., Bursztein, E., Grier, C., Ho, G., Jagpal, N., Kapravelos, A., ... Rajab, M. A. (2015). Ad injection at scale: Assessing deceptive advertisement modifications. In Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015 (Vol. 2015-July, pp. 151-167). [7163024] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2015.17

    Ad injection at scale : Assessing deceptive advertisement modifications. / Thomas, Kurt; Bursztein, Elie; Grier, Chris; Ho, Grant; Jagpal, Nav; Kapravelos, Alexandros; McCoy, Damon; Nappa, Antonio; Paxson, Vern; Pearce, Paul; Provos, Niels; Rajab, Moheeb Abu.

    Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015. Vol. 2015-July Institute of Electrical and Electronics Engineers Inc., 2015. p. 151-167 7163024.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Thomas, K, Bursztein, E, Grier, C, Ho, G, Jagpal, N, Kapravelos, A, McCoy, D, Nappa, A, Paxson, V, Pearce, P, Provos, N & Rajab, MA 2015, Ad injection at scale: Assessing deceptive advertisement modifications. in Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015. vol. 2015-July, 7163024, Institute of Electrical and Electronics Engineers Inc., pp. 151-167, 36th IEEE Symposium on Security and Privacy, SP 2015, San Jose, United States, 5/18/15. https://doi.org/10.1109/SP.2015.17
    Thomas K, Bursztein E, Grier C, Ho G, Jagpal N, Kapravelos A et al. Ad injection at scale: Assessing deceptive advertisement modifications. In Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015. Vol. 2015-July. Institute of Electrical and Electronics Engineers Inc. 2015. p. 151-167. 7163024 https://doi.org/10.1109/SP.2015.17
    Thomas, Kurt ; Bursztein, Elie ; Grier, Chris ; Ho, Grant ; Jagpal, Nav ; Kapravelos, Alexandros ; McCoy, Damon ; Nappa, Antonio ; Paxson, Vern ; Pearce, Paul ; Provos, Niels ; Rajab, Moheeb Abu. / Ad injection at scale : Assessing deceptive advertisement modifications. Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015. Vol. 2015-July Institute of Electrical and Electronics Engineers Inc., 2015. pp. 151-167
    @inproceedings{060485f6f52e47768dbb01b9795d6f6b,
    title = "Ad injection at scale: Assessing deceptive advertisement modifications",
    abstract = "Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5{\%} of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38{\%} and 17{\%} of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.",
    keywords = "ad fraud, ad injection, web injection",
    author = "Kurt Thomas and Elie Bursztein and Chris Grier and Grant Ho and Nav Jagpal and Alexandros Kapravelos and Damon McCoy and Antonio Nappa and Vern Paxson and Paul Pearce and Niels Provos and Rajab, {Moheeb Abu}",
    year = "2015",
    month = "7",
    day = "17",
    doi = "10.1109/SP.2015.17",
    language = "English (US)",
    isbn = "9781467369497",
    volume = "2015-July",
    pages = "151--167",
    booktitle = "Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",

    }

    TY - GEN

    T1 - Ad injection at scale

    T2 - Assessing deceptive advertisement modifications

    AU - Thomas, Kurt

    AU - Bursztein, Elie

    AU - Grier, Chris

    AU - Ho, Grant

    AU - Jagpal, Nav

    AU - Kapravelos, Alexandros

    AU - McCoy, Damon

    AU - Nappa, Antonio

    AU - Paxson, Vern

    AU - Pearce, Paul

    AU - Provos, Niels

    AU - Rajab, Moheeb Abu

    PY - 2015/7/17

    Y1 - 2015/7/17

    N2 - Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.

    AB - Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.

    KW - ad fraud

    KW - ad injection

    KW - web injection

    UR - http://www.scopus.com/inward/record.url?scp=84941004923&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84941004923&partnerID=8YFLogxK

    U2 - 10.1109/SP.2015.17

    DO - 10.1109/SP.2015.17

    M3 - Conference contribution

    SN - 9781467369497

    VL - 2015-July

    SP - 151

    EP - 167

    BT - Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015

    PB - Institute of Electrical and Electronics Engineers Inc.

    ER -