The advertising industry in the cyber space has a distinctively new approach that has become a controversial issue when adware (click here if you do not know what is adware) came to the surface. Advertising through adware is not favourable by the majority of internet users due to the annoying popups or the potential malicious behaviour they introduce. This report is intended to cover the different types of adware, tracking methods and the dangers associated with adware that users might be prone to. Therefore, if you are a fan of free downloads of free tools, software, books, and/or films, you must read this!!.
Types of Adware:
Aycock suggested that there are six identifiable properties used to classify advertisements. One of them is a size-changing advertisement, where the dimensions of the advertisement change to unveil the advertisement when being displayed. Another property is the content-hiding advertisement in which the content is not fully displayed to the user leading to more time before the user could take an action to close the advertisement. The advertisements that open a new window to show the intended advertisement are known to be window-opening advertisements. However, Interstitial Advertisements are the most awkward to define as some considered advertisements appearing between paragraphs in the page as interstitial, others said no because of definition differences. Aycock defined them as those advertisements which result in a major change in the web page content (e.g. transition from one page to another). Sometimes the use might need to take an action in order to check the full advertisement, such action is nontrivial, and therefore such advertisements are known to be interactive because the user has to interact nontrivially with the advertisement. The last type is the content-changing advertisements where they have deeper integration by changing the content of the page (changing or adding extra links) unlike the previous type where they have limited access to the page.
Moreover, advertising can be in different forms, such as text-based, images, animation, or even a video. Some of the popular advertisement media are as follow:
Banner Advertisement: this kind of web advertisements appear as a banner somewhere above or beside the original age content. Usually the click on those banners leads the user to the website of that advertisement. Such is favoured by many websites (especially popular blogs) as they return some benefit to the hosting website for every bulk of clicks.
Banner advertisement with pull-down menu: such advertisements have attracting content that makes the user click on them to reveal a menu regarding more information about the advertised item or webpage. Therefore, this kind of adware is seen as a content-hiding and interactive advertisement.
Expandable Banner Advertisements: those are considered to be a mixture of size-changing, content-hiding, and interactive advertisements. At the first glance, they look like a normal banner, however when the user hovers over the advertisement (or clicks) it expands over the page showing a larger content or a whole new webpage.
Pop-up Advertisement: the most annoying form is pop-up adware; classified as content hiding and a window-opening advertisement because a new window opens based on some action (or a mere visit to a web page could bombard the user with pop-ups) the user takes. Such behaviour is annoying because it requires the user to close the new window in most cases.
Pop-under advertisement: another window-opening advertisement which is almost the same as the pop-up one, however it differs as it goes behind already opened browser windows and may not be noticed for long period resulting into losing the source of the advertisement.
Floating advertisement: a content-hiding advertisement that come over the content within the same page with usually a timer for auto-closing or to enable the close button of the advertisement.
Video Advertisements: in some way functioning the same way as those seen on TV. Video advertisements can come before watching a video (youtube), while watching (Hulu), or even after watching the video. Some advertisements appear on the video while streaming (a good example would be websites hosting streams of sport events illegally) which can be distracting.
Tracking and Threats:
Adware is usually associated with spyware due to the shared characteristics between them. Whenever someone opens a webpage, or searches the internet using Google, or Bing, their browsing preferences, history, and more information are stored in cookies along with some of those habitual information are being collected by certain companies to build up a profile of that user in order to target them with specific kind of advertisements that fit into their interests. For instance, when a user has a toolbar in their browser as a cost of some freeware they have downloaded, that toolbar would send every URL to a remote server along with the IP address of the victim. The server then sends back a set of related links and once one of them is selected then it is sent back to the server to be added to the profile of the user . Another cookies-related tracking method is the use of third party cookies which refers to the cookies stored in the user machine because some of the advertisements in the advertising site are located in another websites. Thus, the user’s browsers stores multiple cookies for different sites just from one visit, therefore their browsing habits are spread across many websites faster. Additionally, some functions of CSS(cascading style sheets) that are used for page formatting allows the websites to recognise if a link has been visited or not, an example would be as follow :
<style type=”text/css”>
#tracker:visited {
background: url(evil.jpg);
}
</style>
<a href="http://www.website.com/" id=”tracker”></a>
Interestingly, some other companies collect more security breaching information about the user. A company called GAIN that is an advertising network uses and implements a subscriber ID for every profile to make it more accurate and comprehensive. Not only the profile contains the habits and historical records of pages visited and time spent on each of them, but it also involves the gathering of “geographic information such as the country and city and information such as the first four digits of a credit card number used to make purchases. Additional demographic information can also be bound to the subscriber ID”. In worse cases, it might harvest information about the user’s system, processing running, registry entries, and the whole fingerprint of the operating system as well as hardware information.
However, statistics about the user’s machine and browsing habits may not be as much important as their personal and confidential information. Personal data might be one or a combination of names, credit card numbers, mobile numbers, login names & passcodes, online transactions and IM sessions. The best example given by Symantec is a company called comScore Networks, this company aggregates the information via the distribution of software named MarketScore, which harvest information including SSL session, and sells that information to its clients. Another technique used to dump the traffic is by establishing proxy servers to act as man-in-the-middle. Symantec alleged that the company overcomes the encrypted traffic by “using the same technique a malicious hacker would use in conducting a man-in-the-middle attack; installing a trusted root certificate on the user’s machine where HTTPS traffic is encrypted between the user and comScore using comScore’s public key and between comScore and the bank using the bank’s public key. comScore can then decrypt and view the traffic from the user and re-encrypt it before connecting to the bank on behalf of the user”.
Tackling the Problem and Legal Implications:
The problem of adware and tracking software is not easy to fight against. Therefore, any user must be well informed about the consequences of installing freeware that usually has a very long licence agreement which mentions that the software might be spying or tracking the usage on the system and unfortunately the majority of users ignore such statements. In some cases there’s a choice of not installing the bundled adware part (such as opting not to install browser toolbars). Removing spyware is difficult in most cases because it is usually installed separately from the original application, and in some cases a deep search into the registry is required to check for any traces of the spyware. Luckily, there are some applications that help detect and remove spyware/adware automatically; Ad-Aware and Spybot are best choices. Enhancing the system with a firewall is a must to inspect and stop the traffic going out of the system if not favourite. Moreover, paying attention to cookies is a good practice in order to have cleaner browsing from targeted advertisements appearing every time the browser opened.
Advertiser may have to make note that there are many laws existed to protect private information of people. For example, student data are only authorised to be accessed by students, academic personnel, or guardians, therefore having access to such information is considered illegal and the software tracking behaviour under the consent of the user does not allow such act. The same applies to medical records and financial information. However, the in most countries users are protected by the law with the definition of security breach as to cause damage or steal information of a value from one’s computer or system. Consequently, companies that collect habitual information of users escape being prosecuted because they are collecting information using cookies, or software that a user has deliberately agreed to install with the assumption they have read the privacy statement of downloaded software (which they normally do not read). Moreover, in some cases removing the adware/spyware part of the freeware/share might lead to legal charges against the user because of breaking the copyright laws.
Non web-based adware:
Most of adware is hosted by websites; however there are different locations advertising might be implanted. We have previously seen that adware may come as a consequence of installing freeware/shareware or downloaded toolbars. Nonetheless, a deeper look is required to have comprehensive understanding of adware. Advertisements can be based on the user machine, adjacent machine, a network, and a remote server. To some extent, any freeware/shareware imposes a price of installing another tool or application that would be responsible for displaying advertisements on the user’s machine, and download new ones from time to time. If multiple advertisements are to be displayed then the advertising software would act as a managing application that has a connection to a server where it sends browser search keywords, word processor words, and other applications’ data that it has gathered previously. The manager software would specify the properties and number of advertisements needed along with ratings in some cases. Such advertising technique is called centralised advertisement.
Since the internet users connect to the internet through ISPs; traffic is most likely prone to be monitored. Therefore, network-based advertising allows the changing or altering of returning traffic to the user’s machine is possible, and hence, they might not be a necessity to install advertising software on the user’s machine. Instead, advertisements could be injected into the incoming traffic from the ISP controlled equipment. Such a method is used by many ISPs where a need of delivering information to users, filtering content, and displaying ISP advertisements.
The near-machine approach is considered to be tricky for anti-spyware software because of the operating techniques. The approach is to install the advertising software in one user’s machine without displaying advertisements to that user; however the adware would send advertisements to machines within the same network (e.g. public Wi-Fi networks) which are not infected by the adware application. This is achievable using ARP poisoning in which the infected machine’s adware tells other adjacent machine’s to send their traffic to its address rather than sending to the centralised network device (wireless router).
In summary, even though not all advertisements are bad, one has to be careful when browsing the internet, downloading freeware/shareware, and visiting untrusted websites. Such means carry dangerous consequences in terms of personal information leakage and being profiled based on browsing habits. Prevention techniques have to be taken into consideration to have relatively more secured usage of the internet.