5 million internet users infected by adware


More than five million Google users may be surfing the web with a computer infected by ad-injecting malware, according to joint research by Google, the University of California, Berkeley and the University of California, Santa Barbara.

Conducted over a five-month span between June and October 2014, the study found 5.5% of unique IPs accessing Google sites contained some form of injected ads, known as adware. The goal of the paper is to raise awareness. Google says that it will work with the online advertising community to tackle the problem.

Keep your browsing safe

Google has already removed more than 192 deceptive Chrome extensions that infected the browser with ad injectors, affecting 14 million users.

"Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious," Google said in its report.

The search giant also provided a tool to clean up Chrome and remove ad injectors if you've been previously affected. There is also the Safe Browsing tool that protects the billion internet surfers using Chrome, Safari and Firefox browsers.

"Today, Safe Browsing shows people more than five million warnings per day for all sorts of malicious sites and unwanted software, and discovers more than 50,000 malware sites and more than 90,000 phishing sites every month," Google said.

Are you infected?

If you've noticed irregular signs with the browser, chances are you're infected. If your browser doesn't block pop-up ads, your homepage has been changed, you've noticed unfamiliar extensions or toolbars added, or you're seeing a different search engine that looks similar to Google, you're likely affected by malware.

For Windows users, you can manually uninstall any unwanted programs. Additionally, you can also use Google's free Software removal tool.

You should also remove any suspicious browser extensions and reset your browser settings as well. Google cautions that safe extensions that you install could later be purchased by hackers. When the extension updates, malware could enter your browser that way.

How ad injectors work

"Ad injectors' businesses are built on a tangled web of different players in the online advertising economy," Kurt Thomas, Google's spam and abuse researcher, said in a blog post, noting the complexity of the problem.

Ad injectors start with software that infect a user's computer. The software could be in the form of standalone programs and apps, or browser extensions. Browsers like Chrome support extensions, and Google even has a web store that hosts extensions for its Chrome browsers.

"We discovered more than 50,000 browser extensions and more than 34,000 software applications that took control of users' browsers and injected ads," Google's research discovered. "Upwards of 30% of these packages were outright malicious and simultaneously stole account credentials, hijacked search queries, and reported a user's activity to third parties for tracking."

Google found 5.1% of page views on Windows and 3.4% of page views on Mac revealed obvious signs of infection with ad injection software.

The software is distributed through a network of affiliates and could get onto your computer in any number of ways, including being bundled with other popular software downloads.

The ads are sourced from injection libraries, and companies like Superfish, which became a household name after it was discovered pre-installed on select Lenovo systems out of the box, and Jollywallets make their profit whenever a user clicks on an ad.

Risks to advertisers and users

Referring to the Superfish attack, Google says that adware can also compromise your data and security. "Komodia SSL hijacker did not properly verify secure connections and it was not using keys in a secure way, Google explained in a separate blog post. "This type of software puts users at additional risk by making it possible for remote attackers to impersonate web sites and expose users' private data."

"The ad injection ecosystem profits from more than 3,000 victimized advertisers - including major retailers like Sears, Walmart, Target, Ebay - who unwittingly pay for traffic to their sites," Google said. "Because advertisers are generally only able to measure the final click that drives traffic to their sites, they're often unaware of many preceding twists and turns, and don't know they are receiving traffic via unwanted software and malware."