Is your computer plagued by ad injectors? Google shares staggering adware infection stats


Imagine if when you went Googling for something, you had a page like this served up:

Googling for Nexus 6 - with an ad injector

Rather than a bunch of (hopefully) useful links to webpages about the Nexus 6 Android smartphone, you are served up with a page swathed in banner ads, affiliate links and deals getting in the way of the content you really want to see.

The graphical ads on that page should instantly stand out as unusual for Google, but take a closer look at those text links too.

Ads by wxDownload

The fact is that all of these links and banner ads are helping to make money for whoever has tricked you into installing a program on your computer.

Here’s another example.

If you visit the New York Times website, it should look something like this:

New York Times

It definitely shouldn’t look like it’s trying to scare you into believing that you have a virus or security problem on your computer, and arguing that you should ring a phone number for “technical support” immediately:

New York Times with added ad injection

Possible Privacy Breach and Computer Error Detected Due to Suspicious Activity Found On Your Computer.

Contact A Certified Live Technician Now:


Once again, ads are to blame:

New York Times and pop-up ads

What’s happening here is that your computer’s regular browsing is being interfered with by a third-party process - often installed via a browser extension or plugin.

You might think it’s a legitimate ad being served up by the website you are visiting, but that’s simple not true.

AdMaybe when you installed a utility like wxDownload you imagined that your download speeds would improve and your internet access would speed-up.

But the truth is that you have made a Faustian contract with a program that is going to inject and embed adverts willy-nilly as you browse across the net, in the hope that you will help them earn some cash.

A new study, conducted by Google and researchers at University of California Berkeley, has tried to get a handle on just how prevalent these irritating and (sometimes) downright malicious ad injections are.

The researchers examined more than 100 million pageviews of Google sites across Chrome, Firefox, and Internet Explorer on different operating systems.

What they discovered was alarming:

  • Ad injectors are not just a Windows problem. They are available on Mac as well as Windows, and affect all the major web browsers.
  • A staggering 5% of people who visit Google sites have “at least one ad injector installed. Within that group, half have at least two injectors installed and nearly one-third have at least four installed.” That says to me that some folks are really prone to falling for these kind of things.
  • Google’s study reveals that 34% of the Chrome extensions injecting adverts are classified as “outright malware”. There is no greyness here…

In addition, the researchers claim that they found 192 deceptive Chrome extensions that have affected 14 million users. Those rogue extensions have now been disabled, and Google says it is doing more to catch similar extensions in the future.

But maybe you need to play your part too, being more careful about what you install and how well you maintain the security of your computer.

You can read more about the ad injection problem by checking out Google’s blog post. The full report is due to come out in May.

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

4 Responses

  1. Anonymous

    April 2, 2015 at 9:46 am #

    AdwCleaner is meant to be a fairly good tool.

  2. Anonymous

    April 2, 2015 at 9:48 am #

    Graham, how come scripting has to be enabled to leave a comment now? Is that a change you made or something wordpress has implemented?

    • Graham Cluley in reply to Anonymous.

      April 2, 2015 at 10:14 am #

      It’s because of an anti-comment spam measure I introduced. Apologies if it’s inconvenient.

      • Anonymous in reply to Graham Cluley.

        April 2, 2015 at 3:29 pm #

        No worries. Security over convenience (and it’s not really that inconvenient). Was just curious if it was something done your end. Thanks for your reply.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.