Tech bloggers were in an uproar today when it was discovered that extensions to Google Chrome are being hijacked to insert unwanted ads onto web pages. It’s only a symptom of a deeper problem that will plague all of us this year: the hunger to deliver ads to your eyeballs is making advertisers more desperate and more willing to resort to subterfuge and deceit.
The story today concerned two lightly-used extensions to Chrome that unexpectedly began inserting ads on web pages and causing ads to appear in popup windows. There was no easy way to find the source of the ads.
Extensions for Chrome are small programs that add new features to the browser. Many Chrome users use dozens of extensions for a variety of housekeeping tasks – examining source code, translating web pages, posting to social networks, and much more. One of their advantages is that Chrome extensions are updated automatically and silently.
Ars Technica was the first to report that the rights to two extensions had been purchased by advertisers, who then modified them to begin serving up ads. Chrome users were not given any notice of the change of ownership of the extensions, and the ad-serving updates were installed automatically, with no obvious way to learn that they were responsible for the ads – after all, they had already been on the computers for months doing useful things.
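One way to narrow down which installed extension is able to alter every page, given that the updates arrive silently. This is an added example, not code from the article or from Google; it assumes Chrome's per-profile `Extensions/<id>/<version>/manifest.json` layout, and the function names and sample data are made up for illustration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read or modify every page the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(extensions_dir):
    """List extensions under <dir>/<id>/<version>/manifest.json, widest access first."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        # Host access comes from permissions (manifest v2), host_permissions
        # (manifest v3) and the match patterns of content scripts.
        patterns = set()
        for key in ("permissions", "host_permissions"):
            patterns.update(p for p in manifest.get(key, []) if isinstance(p, str))
        for script in manifest.get("content_scripts", []):
            patterns.update(script.get("matches", []))
        findings.append({
            "id": path.parent.parent.name,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "all_sites": sorted(patterns & BROAD),
            "modified": path.stat().st_mtime,  # manifest file timestamp on disk
        })
    # Extensions that can touch every page first, then newest manifest first.
    findings.sort(key=lambda f: (not f["all_sites"], -f["modified"]))
    return findings

def write_sample(root):
    """Constructed sample data: two made-up extensions, one with all-site access."""
    samples = {
        "a" * 32 + "/2.0_0": {"name": "Feed Helper (constructed)", "version": "2.0",
                              "permissions": ["tabs", "http://*/*"],
                              "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
        "b" * 32 + "/1.0_0": {"name": "Color Picker (constructed)", "version": "1.0",
                              "permissions": ["activeTab"]},
    }
    for rel, manifest in samples.items():
        folder = Path(root) / rel
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for f in audit_extensions(tmp):
            print(f["id"], f["name"], f["version"], f["all_sites"] or "limited")
```

Localized extensions may report a `__MSG_...__` placeholder as their name; the `id` field is the same ID shown on chrome://extensions with developer mode enabled, so entries can be matched there.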
Today’s flap was resolved quickly. The Wall Street Journal contacted Google, which promptly removed the offending Chrome extensions.
The advertising problem, though, is only going to get worse, and there are some potentially nasty twists in the road.
The Wall Street Journal learned that other authors of more popular extensions have been approached and offered money to insert ad code or turn over the rights to their extensions. Expect to see more stories in 2014 about hijacked extensions.
It’s not a reason to avoid Chrome or stop using Chrome extensions! Like all free code, extensions come in all flavors – useful or useless, clean and elegant or badly written and buggy. Use the ones that help you. This is just today’s vector for ads. Tomorrow it will be something else.
I have been seeing many more computers brought down by adware recently. The basic techniques have not changed in years. When you install a program you believe you want, a collection of other cruddy programs is installed silently at the same time. All of a sudden you are deluged with popup windows, ads injected on web pages, and solicitations to buy programs you’ve never heard of.
The names change, although a few bad actors have been around for a while. The Ask toolbar, for example, is a lightly customized version of a toolbar distributed by IAC, an Internet media conglomerate controlled by Barry Diller. IAC distributes junk toolbars with a dizzying variety of branding.
Conduit toolbars and programs turn up frequently, usually under a pseudonym. Conduit is a large Israeli company which installs toolbars, hijacks your home page, changes your default search engine, and makes itself difficult to remove.
Adware might cause your computer to slow down or crash and it might report your browsing habits back to companies without your consent – but it’s not malware and it’s not illegal! These are written by people in suits working in billion-dollar companies. You might want to hit them but you can’t put them in jail. Antivirus programs won’t keep adware off your computer.
Advertisers will become ever more insistent. Google is working indefatigably to find new sources of ad revenue, as you’ve noticed if you’ve watched a YouTube video lately. All the companies making apps for mobile devices are frantically trying to find ways to put ads in your face, since that’s frequently the only way the company’s finances make any sense. (Think Facebook, Snapchat, Twitter, Instagram.)
Much of our new ad-driven world will be unavoidable but you can do two things to protect your computer.
— Don’t install “free” programs, especially not to do something that you know you’re not supposed to do. If you’re trying to watch sports events that are blacked out on your TV, or watch TV shows that aren’t available from legitimate online sources, you’re dealing with bad people who are getting money from worse advertisers. Trying to save a buck by getting a “free” alternative to a program from Adobe or Microsoft is frequently a losing bet.
— Always do a custom install of any “free” program and be alert for offers that can be declined. Adobe continues to bundle other programs with Adobe Flash and Adobe Reader, for example; if you’re not careful to uncheck the box, you’ll wind up with a (shudder) McAfee security program, or with Google Chrome unexpectedly set as your default browser.
As always, be careful out there!
Thanks for generously spending time thinking about my problem and even offering to help. I think it’s finally gone. After I crippled the dll files that enabled the thing to self replicate, and figured out how to reset their attributes so that I could edit, rename, and delete them from my system (a few at a time), I believe the thing is finally gone.
Wow, if those characters at conduit.com are the good guys, I’d hate to meet up with any of the bad ones! I also find it more than slightly odd that doing this difficult to reverse degradation to my PC without my consent is legal anywhere.
I actually didn’t find setting up the VM on my old Vista PC was very hard at all. Also, I haven’t read the Windows EULA in detail (who does?) but I’m surprised you would need individual licenses for the separate instances of Windows on the same PC. If so, it rather puts the kibosh on the whole VM idea (unless of course the separate instances of op sys were open source, like Linux for example :-). Maybe more than one instance of Windows is to be considered cruel and unusual punishment ;-), so the others really *should* be something else.
btw, some of the malware software packages claim to be able to remove the conduit.com. “Internet Helper” and its brothers (at the moment I’ve forgotten which) whereas MS Security essentials didn’t. This is obviously just one instance, but it suggests these tools are not all equally capable. I may spring 30 for viper and see how it feels. I’ll let you know how it goes.
Read it and weep: Conduit publisher network, a 1.3 billion dollar company.
Lots of programs will help you remove various bits of adware after they’ve gotten onto your computer. You’re looking for something that will stop it before it is installed. That’s tricky. The security vendors can’t decide that a program should be blocked based on some arbitrary determination that most people wouldn’t like it. The 1.3 billion dollar companies have a different opinion and as you can imagine the lines get blurry and grey very quickly. Example: When you install a number of well-known utilities, they offer to install Google Chrome as an “optional” extra which is easy to overlook. In the process, Chrome is set as your default browser; your home page is changed; your default search provider is changed; a toolbar is installed in Internet Explorer; and uninstalling Chrome frequently has the side effect of breaking the computer’s ability to open a browser when a link is clicked, due to a bug in the uninstall routine. Google’s primary business is advertising. Should Chrome be blocked by a security program? (Sometimes I think so when I’m cleaning up the mess.)
So typically the programs that remove adware are not also fulltime security programs that block adware in the first place.
Licenses for Windows VMs – yup, that’s the law: install Windows, get a license. MS included a Windows XP VM in Windows 7 to run old apps – it’s a special exception covered by the Win7 license. Some people put on a trial version of Windows in a VM, extend the trial by some well-known tricks for 90 days or so, then blow it out and start over when the trial expires. Not a bad way to go, if you find that sort of thing fun.
Glad you’re back up and running!
Thx Bruce for providing some ideas. I had tried System Restore to the earliest date available, but the evil thing popped back. Did several other things directly and managed to corrupt some of their .dll’s on Tenacious unwanted files, so it couldn’t regenerate itself, and I think I may have eliminated it now. I feared I might have to wipe the whole op sys and begin again, which would have been a very long and painful recovery. Jake offered what I thought was a brilliant protection paradigm; just make a separate instance(s) of Windows inside a VM to cordon off the risky from the sensitive parts of my computer usage... this would have one VM of Windows for web browsing and downloads (risky), one for sensitive (containing account info and financial info), one for Internet purchases (risky) and one big one with my hard to reinstall or replace apps and files which would never be exposed to the internet directly or to the hazards of the others. Then if I was forced to wipe an op sys because I picked up some malware I couldn’t otherwise kill, the wipe would be *much* less painful.
What do you think of this idea? I already have a VM set up to run Linux and other stuff.
Also, I don’t mind paying for better malware software if it is better. Reliably avoiding instances like this is worth the money. I found a malware review http://www.pcantivirusreviews.com which ranked a bunch of them, and put Viper, BitDefender, and Avira in the top three slots of 10 slots. Cost for any of the above is about $30.00. I am supposing whatever I purchase or otherwise obtain will not peacefully coexist with my present tool, which, based on a long ago conversation with you, is MS Security Essentials.
Any further thoughts?
Running separate VMs is more work than the bad guys deserve. Plus it can be an expensive exercise to get the Windows licenses you’d need to do that. So it’s not impossible, just a lot of effort. If you’re up for it and it seems like fun, sure, try it, but it’s overkill for the threats out there.
A much easier alternative: follow all the guidelines in today’s article about safety. Windows 7? Use the built-in backup to an external hard drive, and make sure you have the separate Image Backup in addition to the daily data backup. Stay up to date. Let me set up my management system to install updates if you want to automate it.
Then set up an online backup for data. Call me and get my cloud backup running, or use Carbonite.
All of the AV programs are good. Regardless of the ratings, all of them provide roughly the same level of protection. Most of them are noisier than MS Security Essentials (lots of popup windows and toolbars and announcements about how swell they are) without necessarily being better, which is why I like the MS program. Feel free to try another one! They’re all fine. Rule of thumb: only one AV program can run. Uninstall MS SE before putting another program on.
Sadly, none of them will protect you against the exploits being used by the bad guys today (or the good guys pushing out adware, who are almost as bad). That takes common sense and lots of paranoia before clicking links.
Call me if you want me to check out the poor afflicted system. Evening is fine. I’ll be happy to take a look. Good luck!
Conduit and Internet Helper 3.1 as well as a few other oddly named Chrome extensions and related Program Data and Program Files which tenaciously resist deletion by fiddling with permissions have infested my Windows Vista x64 machine. Frustratingly, when I uninstall them, remove the Chrome extensions, they reappear. With some effort, I can delete the program files and program data, only after undoing their permissions, read onlyness, and hidden-ness with administrator privileges, but somehow they come back! I run virus scans and do not find anything (MS Security Essentials). There are malware removal tools out there which claim to find and remove such vermin (e.g., AdwCleaner, among others) but I want to make sure the cure isn’t worse than the disease. Do you have any favourite malware masher? Or any other words of advice? I spent most of my Saturday unsuccessfully battling this thing 🙁
Ouch! Those can be almost impossible to remove once they get a foothold. Unfortunately some of the obnoxious programs aren’t classified as “malware” and they don’t trigger anything from the security programs. Conduit is a big, legitimate company that just happens to distribute intrusive, horrible software – but they’re not criminals, they’re well-paid executives in business suits.
You might not win the battle, but there are two weapons that you didn’t mention:
— System Restore is your friend. It’s built into Windows – search Control Panel for it. If you can run it, turn the clock back to a date before that stuff got onto the computer. It might partially undo the programs that were installed. It does not remove any data, just restores certain system files to an earlier date. If you’re lucky, it will remove the new programs or get them to a place where they can be manually removed.
— Malwarebytes is still the best free tool to clean malware after it has gotten onto a computer. See if it turns anything up.
Good luck!