
NYU, Google researchers hack business model of adware, scareware, other unwanted software

August 04, 2016

BROOKLYN, New York - A team of researchers from Google and the New York University Tandon School of Engineering next week will offer the first public view into shady practices that deliver unwanted advertising and software bundled with legitimate downloads - a problem that occurs far more often than malware attempts. Their research suggests that some of the affiliates that distribute such software may be complicit in the scheme, which provides layers of deniability that they are installing unwanted software.

Few computer users have been spared the nuisance of unwanted software: Following what appears to be a legitimate software update or download, a barrage of advertisements overruns the screen, or a flashing pop-up warns of the presence of malware, demanding the purchase of what is often fraudulent antivirus software. On other occasions, the system's default browser is hijacked, redirecting to ad-laden pages.

Despite the prevalence of such unwanted software -- Google tracks more than 60 million attempted installs per week, three times the number of malware attempts -- the source of these installs and the business model underlying the practice were not well understood. The researchers from Google and the New York University Tandon School of Engineering conducted the first analysis of the link between commercial pay-per-install (PPI) practices and the distribution of unwanted software.

Kurt Thomas, a research scientist at Google, and Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon, led a team of researchers from Safe Browsing and Chrome Security to investigate commercial PPI schemes as a main vehicle for moving unwanted software from developers to unwitting installers. Their paper, Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software, will be presented at the USENIX Security Symposium, a top computer security conference, in Austin, Texas, next week.

Commercial PPI is a monetization scheme wherein third-party applications -- often consisting of unwanted software such as adware, scareware, and browser hijacking programs -- are bundled with legitimate applications in exchange for payment to the legitimate software company. When users install the package, they get the desired piece of software as well as a stream of unwanted programs riding stowaway. Thomas, McCoy, and their colleagues cite reports indicating that commercial PPI is a highly lucrative global business, with one outfit reporting $460 million in revenue in 2014 alone. It should be noted that this revenue reflects a mix of legitimate and unwanted software downloads.

"If you've ever downloaded a screen saver or other similar feature for your laptop, you've seen a 'terms and conditions' page pop up where you consent to the installation," McCoy explained. "Buried in the text that nobody reads is information about the bundle of unwanted software programs in the package you're about to download." The presence of a consent form allows businesses to operate legally, but McCoy classifies the extra applications as "treading a fine line between malware and unwanted software."

The report explains that PPI businesses operate through a network of affiliates -- brokers who forge the deals that bundle advertisements (often unwanted software) with popular software applications, then place download offers on well-trafficked sites where they're likely to be clicked on. Parties are paid separately -- meaning some legitimate developers do not know their products are being bundled with unwanted software -- and they are paid as much as two dollars per install.

To better understand the install process, the researchers gained access to four PPI affiliates by routinely downloading the software packages and analyzing the components. Among their more important discoveries was the degree to which such downloaders are personalized to maximize the chances that their payload will be delivered.

When an installer runs, the user's computer is "fingerprinted" to determine which adware is available to run on that particular machine. Additionally, the downloader searches for antivirus protection, factoring in the presence or absence of such protections in its approach. "They do their best to bypass antivirus, so the program will intentionally inject those elements -- whether it's adware or scareware -- that are likeliest to evade whichever antivirus program is running," McCoy said.

Google has long tracked web pages known to harbor unwanted software offers and continuously updates the Safe Browsing protection in its Chrome browser to warn users when they visit such pages. Yet research shows that PPI affiliates are also adjusting their tactics in an attempt to dodge Safe Browsing detection.

The researchers emphasize that these actions imply that PPI affiliates are directly catering to the unwanted software market, avoiding user protections while intentionally delivering unwanted software under a "thin veil of consent," as McCoy deems it. "We're hoping to expose these business practices so people are less likely to get duped into flooding their computers with programs they never wanted," he said.

The NYU Tandon School of Engineering dates to 1854, when the NYU School of Civil Engineering and Architecture as well as the Brooklyn Collegiate and Polytechnic Institute (widely known as Brooklyn Poly) were founded. Their successor institutions merged in January 2014 to create a comprehensive school of education and research in engineering and applied sciences, rooted in a tradition of invention, innovation and entrepreneurship. In addition to programs at its main campus in downtown Brooklyn, it is closely connected to engineering programs in NYU Abu Dhabi and NYU Shanghai, and it operates business incubators in downtown Manhattan and Brooklyn.


NYU Tandon School of Engineering
