| Hey Matt - Adwarekiller gave a good answer, and I'll add some of my own notes. * Distribution is mostly consolidating. A lot of adware companies used to both buy their own distribution through either pay per install or revenue share agreements and then monetize those users themselves. Now, the ecosystem is fracturing into companies that actually perform the distribution and companies that monetize those users. * Large distribution companies:
- IronSource (this article)
- InstallMonetizer (YC funded as adwarekiller mentioned)
- Web Pick Internet Holdings (InstallRex as adwarekiller referenced them) http://www.web-pick.com/
- Cross Rider https://crossrider.com/
- Ad Peak http://adpeak.com/
- Conduit & Perion http://conduit.com/ & http://www.perion.com/ * Large monetization companies:
- Future Ads & Traffic Vance for banners and pop ups https://www.futureads.com/ & https://www.trafficvance.com/
- Lead Impact for pop ups http://leadimpact.com/
- Advertising.com for banners and text ads (yes, an AOL company powers a lot of adware) https://www.advertising.com/
- Ad Peak http://adpeak.com/ for banners, text ads, pop ups, and ecommerce (like Superfish) (they seem to do a lot of both distribution and monetization)
- 50onRed (as adwarekiller mentioned) for banners, text ads, pop ups, and ecommerce http://50onred.com
- Superfish for ecommerce http://superfish.com
- AdOn for text ads, pop ups, and email http://www.adonnetwork.com/ Both Yahoo and Google are in bed with the adware companies via search reset deals and white labeled SERP pages. There are a lot more companies in the ecosystem. It's massive. A good rule of thumb right now is that if a company advertisers they have cut a deal with an adware company (either directly or indirectly). As you can see from the above list, there is also A LOT of VC money in the ecosystem. The reach extends further when you consider companies that get benefit, like CPXi (http://www.cpxi.com/), AppNexus (http://www.appnexus.com/), OpenX (http://openx.com), or even Amazon Web Services, Google Apps, etc. since these services usually power the business, too. http://www.benedelman.org/ is a good source to learn more. Here is a breakdown of IronSource's install tactics: http://www.benedelman.org/news/021815-1.html If you'd like to talk more, let me know. |
More interesting bytes:
* Ad injection mentioned in the last ANA&WhiteOps fraud report (http://www.ana.net/content/show/id/botfraud), they found that over 500K ads were injected every day to one publisher.
* Research on in-webstore extensions (https://www.usenix.org/system/files/conference/usenixsecurit... used dynamic analysis system called "Hulk" to detect malicious extensions. Summary of the results:
Analysis result Count Malicious 130 Suspicious 4,712 Benign 43,490 Total 48,332
Detection class Count [s] Injects dynamic JavaScript 2,672 [s] Produces HTTP 4xx errors 2,322 [s] Evals with input >128 chars 451 [m] Prevents extension uninstall 56 [m] Steals password from form 39 [s] Requests to non-existent domain 26 [m] Keylogging functionality 23 [m] Injects security-related HTTP header 11 [m] Steals email address from form 10 [m] Uninstalls extensions 8
c. Another paper (https://www.usenix.org/legacy/event/collsec10/tech/full_pape... from the EPFL calculates the potential revenue of an adversary as a function of adversary power to modify ads traffic (http://i.imgur.com/ut2jjQl.png).
d. There is also companies like rgnets (http://rgnets.com/), amobee (http://www.amobee.com/) and FrontPorch (http://www.frontporch.com/), which offers network appliance that performs the HTTP interception and tampering. In this method there is no need to install anything on the user, all you need him to do is connect your network. Large public networks (hotles, events, airports, etc) are using it as well as some ISPs.