Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

T-Mobile caught in crossfire of injected ad war with Flash Networks

Maria Korolov | Aug. 4, 2015
LAS VEGAS - An ongoing conflict between website owners and ad injectors who place unwanted ads on those websites has just flared up into full-blown war, with advertisers and carriers caught in the crossfire.

In the below screenshot, for example, the Ad Options ad network has inserted an unwanted ad on the home page of the Citizens Bank website.

citizens bank malvertising
Credit: Namagoo

And below, another ad network -- OMG Music! -- has inserted an ad on Andover Bank's website. Ironically, it's an ad for Citizens Bank.

andover bank malvertising
Credit: Namagoo

According to a recent report by Google, a single injected ad is typically funneled through several different ad networks, so that the advertisers are not even aware that this is happening.

That is the case with Citizens Bank, which confirmed that it did not deliberately purchase the injected ads, and is investigating the situation.

Not only are the ads on these networks intrusive and unwanted, but because the networks are not well policed, more likely to be malicious or subject to click fraud.

Google steps in

Search engines are victims, too. Ad injectors insert their ads right into search results, getting top placement without having to pay the search engines a dime.

But in going after the search engines, the ad injectors may have taken a step too far. Picking a fight with Google is seldom a good idea.

Three months ago, Google released the results of a study that found more than 50,000 browser extensions and 34,000 software applications that took over browsers and injected ads. A third of these also took the opportunity to steal account credentials, hijack search results, and spy on users' activities.

Google has already removed 192 deceptive Chrome extensions from the Chrome Web Store and added new safeguards to the browser. It also has begun notifying advertisers when their ads are injected and updated their AdWords policies to make it harder to promote unwanted software.

The ad injectors can put their ads right into the middle of a webpage, or create new links where they find keywords, or anywhere there is blank space, or replace existing legitimate ads, or layer new ads on top of the page blocking the view of legitimate content.

Browser-based ad injectors get an extra bonus, with full access to even encrypted websites, or pages served via VPNs.

Injections aided and abetted by network operators typically have access to the underlying code only for unencrypted webpages, though some carriers have been known to go as far as interfere with the encryption, as Gogo Inflight Wi-Fi was caught doing earlier this year.

How is this legal?

Users routinely use tools that change the way that websites are presented. They might want a page reformatted so that it's easier to print, or translated into a foreign language.


Previous Page  1  2  3  4  Next Page 

Sign up for Computerworld eNewsletters.