Menu
Adware turns a tidy profit for those who sneak it into downloads

Adware turns a tidy profit for those who sneak it into downloads

Perpetrators are deliberately evading protections, say researchers from Google and NYU

If you've ever downloaded software, chances are you've experienced an all-too-common surprise: ads or other unwanted programs that tagged along for the ride, only to pop up on your PC uninvited. Turns out there's a highly lucrative global industry making it happen, with "layers of deniability" to protect those involved.

That's according to researchers from Google and New York University's Tandon School of Engineering, who will present this week what they say is the first analysis of the link between so-called "pay-per-install" (PPI) practices and the distribution of unwanted software.

Commercial PPI is a monetization scheme whereby third-party applications are surreptitiously bundled with legitimate ones. When users install the package they requested, they also get a stream of unwanted programs riding stowaway. They may find a barrage of ads overrunning the screen, for example, or a flashing pop-up warning of malware and peddling fake antivirus software. Alternatively, the system's default browser may be hijacked so as to redirect to ad-laden pages.

Making all this happen are networks of affiliates -- brokers who forge the deals that bundle the extra software with popular applications and place download offers on well-trafficked websites. They get paid by PPI businesses directly, sometimes as much as $2 per install, the researchers found. Legitimate developers often don't even know their products are being bundled with extra stuff.

As part of their study, the researchers focused on four PPI affiliates, routinely downloading their software packages and analyzing the components. Most striking, they said, was the degree to which downloads are personalized to maximize the chances that their payload will be delivered.

When an installer runs, the user's computer is first "fingerprinted" to determine which adware is compatible. The downloader also searches for antivirus protection and factors those results into its approach.

"They do their best to bypass antivirus, so the program will intentionally inject those elements -- whether it's adware or scareware -- that are likeliest to evade whichever antivirus program is running," said Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon.

Google has long tracked web pages known to harbor unwanted software offers and updates the Safe Browsing protection in its Chrome browser to warn users when they visit such pages. But PPI affiliates are constantly adjusting their tactics to avoid user protections while intentionally delivering unwanted software, the researchers said.

Part of the problem is what the researchers call the "thin veil of consent" that users grant inadvertently when they download the software they want.

"If you've ever downloaded a screen saver or other similar feature for your laptop, you've seen a 'terms and conditions' page pop up where you consent to the installation," said McCoy. "Buried in the text that nobody reads is information about the bundle of unwanted software programs in the package you're about to download."

The presence of a consent form allows these "stowaway software" businesses to operate legally, but what they thrust on users treads a fine line between unwanted software and malware, McCoy said. "We're hoping to expose these business practices so people are less likely to get duped into flooding their computers with programs they never wanted."

The researchers' paper, titled "Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software," will be presented at the USENIX Security Symposium in Austin, Texas, later this week.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
An Evening With Eugene Kaspersky for Kiwi partners in Auckland

An Evening With Eugene Kaspersky for Kiwi partners in Auckland

​New Zealand partners came together for An Evening With Eugene Kaspersky in Auckland, an invitation only event as part of Kaspersky Lab Partner Engage. Following an evening of insights and executive networking with the founder of Kaspersky Lab, Eugene Kaspersky, Kiwi partners got up close and personal with Eugene in an unprecedented​ panel discussion. Facilitated by Reseller News, this panel explored channel relationships, successful business strategies, and the latest ground breaking technologies to impact the security market. Photos by Maria Stefina.

An Evening With Eugene Kaspersky for Kiwi partners in Auckland
Show Comments