Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

Thomas, Kurt; Bursztein, Elie; Grier, Chris; Ho, Grant; Jagpal, Nav; Kapravelos, Alexandros; McCoy, Damon; Nappa, Antonio; Paxson, Vern; Pearce, Paul; Provos, Niels; Rajab, Moheeb Abu

doi:10.1109/sp.2015.17

Cited by 75 publications

(67 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A threshold of 0.3 achieved best precision and recall. are more inclined in targeting the popular browser(s) for ad injections and malversting [48], [51], [30]. As such, for Internet Explorer and Firefox, it may be more beneficial for malicious advertisers, along with presenting malware sites, to expose FLIS users to money laundering scams, adult gaming/video websites, and fraudulent technician services.…”

Section: E Exposing Users To Malware Scam and Adult Websitesmentioning

confidence: 99%

“…To analyze malware binaries we used the VirusTotal (VT) service [10], to determine whether the binary had ever been scanned before and whether it was labeled as malicious by an antivirus vendor. To examine malicious Chrome extensions, we leverage the techniques from [48], [51] and manually analyze the behavior of collected extensions in the browser.…”

Section: G Malicious Payloads Investigationmentioning

confidence: 99%

See 1 more Smart Citation

It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services

Rafique

Goethem

Joosen

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Recent years have seen extensive growth of services enabling free broadcasts of live streams on the Web. Free live streaming (FLIS) services attract millions of viewers and make heavy use of deceptive advertisements. Despite the immense popularity of these services, little is known about the parties that facilitate it and maintain webpages to index links for free viewership.This paper presents a comprehensive analysis of the FLIS ecosystem by mapping all parties involved in the anonymous broadcast of live streams, discovering their modus operandi, and quantifying the consequences for common Internet users who utilize these services. We develop an infrastructure that enables us to perform more than 850,000 visits by identifying 5,685 free live streaming domains, and analyze more than 1 Terabyte of traffic to map the parties that constitute the FLIS ecosystem. On the one hand, our analysis reveals that users of FLIS websites are generally exposed to deceptive advertisements, malware, malicious browser extensions, and fraudulent scams. On the other hand, we find that FLIS parties are often reported for copyright violations and host their infrastructure predominantly in Europe and Belize. At the same time, we encounter substandard advertisement set-ups by the FLIS parties, along with potential trademark infringements through the abuse of domain names and logos of popular TV channels.Given the magnitude of the discovered abuse, we engineer features that characterize FLIS pages and build a classifier to identify FLIS pages with high accuracy and low false positives, in an effort to help human analysts identify malicious services and, whenever appropriate, initiate content-takedown requests.

show abstract

Section: E Exposing Users To Malware Scam and Adult Websitesmentioning

confidence: 99%

Section: G Malicious Payloads Investigationmentioning

confidence: 99%

It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services

Rafique

Goethem

Joosen

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…If the content injection is also malicious in nature, the publisher's reputation can be further harmed in addition to exposing users to security risks due to malware, phishing, and other threats. Prior work has shown that users exposed to ad injection are more likely to be exposed to "malvertising" and traditional malware [46,48]. Figure 1 gives an overview of ad injection's effect on the normal ad delivery process, while Figure 3 shows an instance of ad injection on amazon.com.…”

Section: Advertisement Injectionmentioning

confidence: 99%

“…A recent line of work has focused on the problem of ad injection via browser extensions. Thomas et al [46] proposed a detection methodology in which, they used a priori knowledge of a legitimate DOM structure to report the deviations from that structure as potential ad injections. However, this approach is not purely client-side and requires cooperation from content publishers.…”

Section: Browser Extension Securitymentioning

confidence: 99%

Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance

Arshad

Kharraz

Robertson

2016

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

Extensions provide useful additional functionality for web browsers, but are also an increasingly popular vector for attacks. Due to the high degree of privilege extensions can hold, extensions have been abused to inject advertisements into web pages that divert revenue from content publishers and potentially expose users to malware. Users are often unaware of such practices, believing the modifications to the page originate from publishers. Additionally, automated identification of unwanted third-party modifications is fundamentally difficult, as users are the ultimate arbiters of whether content is undesired in the absence of outright malice. To resolve this dilemma, we present a fine-grained approach to tracking the provenance of web content at the level of individual DOM elements. In conjunction with visual indicators, provenance information can be used to reliably determine the source of content modifications, distinguishing publisher content from content that originates from third parties such as extensions. We describe a prototype implementation of the approach called ORIGINTRACER for Chromium, and evaluate its effectiveness, usability, and performance overhead through a user study and automated experiments. The results demonstrate a statistically significant improvement in the ability of users to identify unwanted third-party content such as injected ads with modest performance overhead.

show abstract

“…In 2015, a study found 249 Chrome extensions in the Chrome Web store injecting unwanted ads [96]. The authors identified two drops in their measurement of ad injection.…”

Section: Extension Ad Injectionmentioning

confidence: 99%

Measurement and detection of security properties of client-side web applications

Weissbacher¹

View full text Add to dashboard Cite

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

Cited by 75 publications

References 13 publications

It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services

It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services

Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance

Measurement and detection of security properties of client-side web applications

Contact Info

Product

Resources

About