In the below screenshot, for example, the Ad Options ad network has inserted an unwanted ad on the home page of the Citizens Bank website.
And below, another ad network -- OMG Music! -- has inserted an ad on Andover Bank's website. Ironically, it's an ad for Citizens Bank.
According to a recent report by Google, a single injected ad is typically funneled through several different ad networks, so that the advertisers are not even aware that this is happening.
That is the case with Citizens Bank, which confirmed that it did not deliberately purchase the injected ads, and is investigating the situation.
Not only are the ads on these networks intrusive and unwanted, but because the networks are not well policed, more likely to be malicious or subject to click fraud.
Google steps in
Search engines are victims, too. Ad injectors insert their ads right into search results, getting top placement without having to pay the search engines a dime.
But in going after the search engines, the ad injectors may have taken a step too far. Picking a fight with Google is seldom a good idea.
Three months ago, Google released the results of a study that found more than 50,000 browser extensions and 34,000 software applications that took over browsers and injected ads. A third of these also took the opportunity to steal account credentials, hijack search results, and spy on users' activities.
Google has already removed 192 deceptive Chrome extensions from the Chrome Web Store and added new safeguards to the browser. It also has begun notifying advertisers when their ads are injected and updated their AdWords policies to make it harder to promote unwanted software.
The ad injectors can put their ads right into the middle of a webpage, or create new links where they find keywords, or anywhere there is blank space, or replace existing legitimate ads, or layer new ads on top of the page blocking the view of legitimate content.
Browser-based ad injectors get an extra bonus, with full access to even encrypted websites, or pages served via VPNs.
Injections aided and abetted by network operators typically have access to the underlying code only for unencrypted webpages, though some carriers have been known to go as far as interfere with the encryption, as Gogo Inflight Wi-Fi was caught doing earlier this year.
How is this legal?
Users routinely use tools that change the way that websites are presented. They might want a page reformatted so that it's easier to print, or translated into a foreign language.
Sign up for Computerworld eNewsletters.