Google is cracking down on adware infested Chrome extensions. The search giant recently disabled 192 browser extensions that injected rogue ads into web browsers without users’ knowledge.
Google’s action followed a study from the University of California in which researchers found that over 5% of internet users who accessed Google websites had an ad injector installed in the browser. The study included deceptive extensions for the Chrome browser. Researchers also found deceptive extensions in other web browsers including Microsoft’s Internet Explorer and Mozilla Firefox.
Google: The problem with ad-injecting extensions
Although Google does not have a ban on extensions with rogue ad injections, a third of Chrome extensions were malware. The main issue with rogue ad injections is that it is not exclusive to browser extensions. Software applications can do the same thing outside the browser or the network layer. It can also hook the browser process without an installed extension. Many of these applications are malware, but some are called “potentially unwanted programs” or PUP. These programs sometimes cause security holes on users’ computers.
The search giant previously took action against PUPs with warning displays on Chrome; The warning displays alert users when they try to download the software in question. Google’s attempt to warn users is commendable. Unfortunately most PUP programs are not directly downloaded by users. Such problematic software programs often come bundled with freeware. Malicious software sometimes is distributed by email attachments, exploits and other nefarious methods.
Sneaky malware tricks
Computers that are free of malware and adware sometimes become plagued with rogue ads. AraLabs security researchers previously warned others of an attack that injected rogue ads into websites when viewed on computers. The Domain Name System converts domain names people easily remember into numerical IP addresses. Local network computers usually pass the DNS lookup requests on a network router, then transfer the same queries to an ISP’s DNS servers. Spoof websites develop when the DNS server is configured on the router with controlled rogue servers.