Ad-injecting malware is one of the most reliable scams on the web. Once a computer’s infected, the virus will drop new ads into any site it visits, sending ad revenue back to the scammers who control it. Users may even know the name of the program, but they’re powerless to remove it. According to new research from Google and UC Berkeley, the scam is still going strong, despite more than a decade of work to stamp it out.
Released today, the study looked at computers visiting Google sites from June to October of 2014, replaying network requests to see if bogus ads were being injected locally. Over those five months, the system detected more than 5,339,913 IP addresses infected with adware, roughly 5.5 percent of the total requests. It’s a staggering number, but if anything it’s likely to be an underestimate, since adware programs often decline to tamper with large company sites so as to avoid detection.
The research also found that the infamous Superfish adware is alive and well. Superfish was the most popular ad injector detected by the study, impacting more than 3.7 million pageviews. The program became notorious after it was discovered pre-installed on certain Lenovo laptops, breaking SSL protections for any computer running it. Despite the bad press, Superfish appears to still be doing good business, either through other unreported installation deals or software bundles that trick hapless users into installing Superfish onto their own machines. Shopping programs like Jollywallet were also popular, as well as affiliate bundlers like Crossrider and Netcrawl, all of which operate as legitimate businesses.