Google wants the world to know just how much they’re suffering from ad injection malware. According to a study they conducted last year with the assistance of the University of California’s Berkeley and Santa Barbara campuses, the team discovered that more than 1 in every 20 visits to Google’s web properties from unique IP addresses are affected by software that manipulates the user’s web browser into removing Google-delivered advertising and inserting whatever ads the malicious software’s distributors want you to see instead.
A five percent rate of effect may not sound like much. But given the lucrative incentives to the authors of this malware, the percentage is bound to increase with time. Meanwhile, even a five percent loss of ad revenue eats away at Google’s profits – and indirectly steals the marketing dollars of the more than 3,000 Google advertisers who are falling victim to this ad injection. Without the ability to place confidence behind the data from a digital marketing campaign, the advertisers small and large alike who market through Google’s AdWords platform might pull back their ad spend, and the providers of free-flowing, ad-backed content on the Internet would inevitably feel a very painful pinch. Finally, we the consumers would be saddened by the gradual reduction in the freely distributed content. Less cat photos. This is bad for business no matter how you view it.
In response, Google is taking responsible action by sounding the alarm and wielding the direct influence they have through the Chrome browser and their app ecosystem. They’ve removed nearly 200 malicious extensions from the Chrome Web Store, and say they are continuously deploying safeguards to better prevent malicious extensions from clearing Google’s approval process. They’re improving their search engine’s Safe Browsing API and upgrading Chrome’s procedure to notify the user whenever the browser encounters an interaction with potentially malicious software.
The early results of these changes look very positive. Google reports that it’s seeing a 95 percent reduction in the appearance of “Safe Browsing” warnings to users who click through an AdWords advertisement. They suggest that this means it’s becoming more difficult for malicious ad injection software to make its way into people’s browsers and computers, which in turn makes it likely more difficult for the software’s distributors to monetize their investment. Let’s hope they’re right.