You might have missed an item last week although you might very well have been the subject of the report. Do you know about ad injectors? I’ve written about them before, most recently when some genius at Lenovo thought purchasers of their laptops would want to have Superfish bundled with their machines. Besides being a massive security risk it was annoying as hell, as a plethora of ads cluttered up users’ screens. Well, it turns out that Lenovo doesn’t have a patent on either stupidity (at best) or maliciousness (more likely). To wit:
More than 5% of Google site visitors have at least one ad injector installed. Of those, half have at least two injectors installed, and nearly one-third have at least four installed, per a study Google conducted with researchers at University of California Berkeley.
In other words, millions of people have code installed that will insert new ads, or replace existing ones, into the pages those people read. You may be one of them. How did this happen? Generally, some miscreant bundled the ad injector with some other desirable piece of software which the user installed. Tool bars (don’t install them!) and certain software download sites (download.com, for one) do this routinely. As the Google Security Blog put it:
Unwanted ad injectors aren’t part of a healthy ads ecosystem. They’re part of an environment where bad practices hurt users, advertisers, and publishers alike. People don’t like ad injectors for several reasons: not only are they intrusive, but people are often tricked into installing ad injectors in the first place, via deceptive advertising, or software “bundles.”…Ad injectors are problematic for advertisers and publishers as well. Advertisers often don’t know their ads are being injected, which means they don’t have any idea where their ads are running. Publishers, meanwhile, aren’t being compensated for these ads, and more importantly, they unknowingly may be putting their visitors in harm’s way, via spam or malware in the injected ads.