Is your computer plagued by ad injectors? Google shares staggering adware infection stats

Graham Cluley

Imagine if when you went Googling for something, you had a page like this served up:

Googling for Nexus 6 - with an ad injector

Rather than a bunch of (hopefully) useful links to webpages about the Nexus 6 Android smartphone, you are served up with a page swathed in banner ads, affiliate links and deals getting in the way of the content you really want to see.

The graphical ads on that page should instantly stand out as unusual for Google, but take a closer look at those text links too.

Ads by wxDownload

The fact is that all of these links and banner ads are helping to make money for whoever has tricked you into installing a program on your computer.

Here’s another example.

If you visit the New York Times website, it should look something like this:

New York Times

It definitely shouldn’t look like it’s trying to scare you into believing that you have a virus or security problem on your computer, and arguing that you should ring a phone number for “technical support” immediately:

New York Times with added ad injection

Possible Privacy Breach and Computer Error Detected Due to Suspicious Activity Found On Your Computer.

Contact A Certified Live Technician Now:

XXXXXXXXXXXXX (Toll free)

Once again, ads are to blame:

New York Times and pop-up ads

What’s happening here is that your computer’s regular browsing is being interfered with by a third-party process – often installed via a browser extension or plugin.

You might think it’s a legitimate ad being served up by the website you are visiting, but that’s simple not true.

AdMaybe when you installed a utility like wxDownload you imagined that your download speeds would improve and your internet access would speed-up.

But the truth is that you have made a Faustian contract with a program that is going to inject and embed adverts willy-nilly as you browse across the net, in the hope that you will help them earn some cash.

A new study, conducted by Google and researchers at University of California Berkeley, has tried to get a handle on just how prevalent these irritating and (sometimes) downright malicious ad injections are.

The researchers examined more than 100 million pageviews of Google sites across Chrome, Firefox, and Internet Explorer on different operating systems.

What they discovered was alarming:

  • Ad injectors are not just a Windows problem. They are available on Mac as well as Windows, and affect all the major web browsers.
  • A staggering 5% of people who visit Google sites have “at least one ad injector installed. Within that group, half have at least two injectors installed and nearly one-third have at least four installed.” That says to me that some folks are really prone to falling for these kind of things.
  • Google’s study reveals that 34% of the Chrome extensions injecting adverts are classified as “outright malware”. There is no greyness here…

In addition, the researchers claim that they found 192 deceptive Chrome extensions that have affected 14 million users. Those rogue extensions have now been disabled, and Google says it is doing more to catch similar extensions in the future.

But maybe you need to play your part too, being more careful about what you install and how well you maintain the security of your computer.

You can read more about the ad injection problem by checking out Google’s blog post. The full report is due to come out in May.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

4 Replies to “Is your computer plagued by ad injectors? Google shares staggering adware infection stats”

  1. Graham, how come scripting has to be enabled to leave a comment now? Is that a change you made or something wordpress has implemented?

      1. No worries. Security over convenience (and it's not really that inconvenient). Was just curious if it was something done your end. Thanks for your reply.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES