Towards Understanding Privacy Implications of Adware and Potentially Unwanted Programs

Tobias Urban, Dennis Tatang, Thorsten Holz, Norbert Pohlmann

European Symposium on Research in Computer Security (ESORICS), Barcelona, Spain, September 2018


Web advertisements are the primary financial source for many online services, but also for adversaries. Successful ad campaigns rely on good online profiles of their potential customers. The financial potentials of displaying ads have led to the rise of malicious software that injects or replaces ads on websites, in particular, so-called adware. This development leads to continuously further optimized and customized advertising. For these customization's, various tracking methods are used. However, only little work has gone into privacy issues emerging from adware.

In this paper, we investigate the tracking capabilities and related privacy implications of adware and potentially unwanted programs (PUPs). Therefore, we developed a framework that allows us to analyze any network communication of the Firefox browser on the application level to circumvent encryption like TLS. We use this framework to dynamically analyze the communication streams of over 16,000 adware or potentially unwanted programs samples that tamper with the users' browser session. Our results indicate that roughly 37% of the requests issued by the analyzed samples contain private information and are accordingly able to track users. Additionally, we analyze which tracking techniques and services are used by attackers.


Tags: Adware, Potentially Unwanted Programs, privacy