Another ex-adware person here, from the download valley itself. AFAIK, the key roles in the adware ecosystem are:

a. Distribution

Done mainly through "Pay Per Install" companies such as IronSource, InstallMonetizer (actually funded by YC: https://news.ycombinator.com/item?id=5092711), InstallRex, etc. These folks bundle legitimate programs with adware in their installers. They use dark patterns (http://www.hanselman.com/blog/DownloadWrappersAndUnwantedSof...) in order to deceive users into installing the offered "product". Some of them make it intentionally hard (practically impossible for the non-techie user) to uninstall the adware, or download additional adware without user consent (drive-by). Other shady practices include the use of malvertising (e.g. ads that mimic flash, acrobat or OS updates) and the most extreme one, which is rare but exists, is exploit kits.

b. Monetization

Done mainly with advertising and information harvesting. Common practices (aka "revenue models"): ad injection (banners, pop-up\under, etc), affiliate fraud ("price comparison widgets", or just forcefully redirecting the user through an affiliate link), lead generation (e.g. scraping insurance details), social network spam (selling views, likes, followers, etc - works because google\fb\etc eliminate fake bot accounts fairly efficiently, but adware just impersonates real authenticated sessions) and selling cheap traffic.

I want to add this: The profit of an adware company is the difference between its user acquisition cost and the revenue from the monetization phase. As the monetization phase gets shortened by AV detection and removal, the revenue gets lower. This causes adware vendors to adopt new methods that traditionally were associated with "more evil" malware (banking trojans): they use crypters and vulnerabilities in AVs in order to evade detection, randomly generated domain names (for the C&C, inject and publishing domains), etc.

Feel free to AMA