Google Responds to DoubleClick Malware Problem

After discovering that its DoubleClick ads were being hijacked to distribute malware, Google conducted research to find out the scale of the problem and come up with a solution.

There is plenty of malice surrounding the online ad industry. Whether it’s underhanded advertising practices or malware, scams put consumers at risk. Last month, Ars Technica reported that Google’s DoubleClick ad service was being hijacked to distribute malware. Google responded with official research from the University of California, Berkeley and University of California, Santa Barbara on the scale of the problem, and how the company is trying to combat this malware.

Google states in a blog post about the research:

Ad injectors’ businesses are built on a tangled web of different players in the online advertising economy. This complexity has made it difficult for the industry to understand this issue and help fix it. We hope our findings raise broad awareness of this problem and enable the online advertising industry to work together and tackle it.

An ‘ad injector’ is a piece of software, or a malicious browser extension, that displays fraudulent ads. More than 30 percent of the detected software was entirely malicious. It stole account credentials, hijacked search queries, and reported user activity to third-party services for tracking. The research found that 5.1 percent of pageviews on Windows and 3.4 percent on Mac showed signs of ad injection activity.

The malicious content is then distributed, often by businesses that specialize in this kind of software. The malware was inserted into marketing material, bundled with popular software downloads, or featured in large social media advertising campaigns.

The ad injection ecosystem reportedly contains more than 3,000 affected retailers. Retailers like Sears, Walmart, Target and eBay have unwittingly been paying for the traffic generated by malicious ads that appear on their sites.

Google has been fighting against this illicit ecosystem in light of this research. The company added extra safeguards to Google Chrome to block or root out ad injectors, removed 192 deceptive Chrome extensions, and started alerting affected companies that use its DoubleClick ad exchange.

Though the changes are recent, Google states in its blog post that users are seeing 95 percent fewer ‘Safe Browsing’ warnings — warnings that a site has malware — after clicking AdWords ads. Progress may look promising, but the blog post warns that to truly defeat this malicious method of doing business, everyone involved in the ad market needs to review and perhaps change their practices.

Download the full report here.