| Great answer. I can confirm that the market is indeed specializing through separation of the distribution and monetization operations. More interesting bytes:
* Ad injection is mentioned in the last ANA&WhiteOps fraud report (http://www.ana.net/content/show/id/botfraud); they found that over 500K ads were injected every day to one publisher.
* Research on in-webstore extensions (https://www.usenix.org/system/files/conference/usenixsecurit...) used a dynamic analysis system called "Hulk" to detect malicious extensions. Summary of the results:
Analysis result Count
Malicious 130
Suspicious 4,712
Benign 43,490
Total 48,332
Detection class Count
[s] Injects dynamic JavaScript 2,672
[s] Produces HTTP 4xx errors 2,322
[s] Evals with input >128 chars 451
[m] Prevents extension uninstall 56
[m] Steals password from form 39
[s] Requests to non-existent domain 26
[m] Keylogging functionality 23
[m] Injects security-related HTTP header 11
[m] Steals email address from form 10
[m] Uninstalls extensions 8
c. Another paper (https://www.usenix.org/legacy/event/collsec10/tech/full_pape...) from the EPFL calculates the potential revenue of an adversary as a function of adversary power to modify ads traffic (http://i.imgur.com/ut2jjQl.png).
d. There are also companies like rgnets (http://rgnets.com/), amobee (http://www.amobee.com/) and FrontPorch (http://www.frontporch.com/), which offer network appliances that perform the HTTP interception and tampering. In this method there is no need to install anything on the user; all you need him to do is connect to your network. Large public networks (hotels, events, airports, etc.) are using it, as well as some ISPs. |