3

I recently made a kind of "Public Service Announcement" on my website telling people that there is only one advertisement on the site and it is neatly placed into the site's design.

I did this because someone reported the site as "not working", and when asked for a screenshot of the problem, provided me with this:

ad-riddled screenshot http://ezimba.com/work/140308C/ezimba19743774066600.png

Further investigation revealed the problem to be a malicious extension called "HD Streamer".

In general, once a problem has been determined to be adware, I point them to MalwareBytes and say "it's your problem, not mine, I need to get back to work now".

This has been fine overall, and some people have learned to educate fellow users having similar problems. However, not everyone reads the questions others have asked (or else we wouldn't need "Close as Duplicate" here, now would we? ;))

Anyway, on to the point. Is there any kind of reliable way to detect the insertion of such extra advertisements on my site through JavaScript?

If I can automatically detect such... "hijacking", I could insert a box of my own to say "hey, you have adware, probably should clean that up!" ... 'Course, some malware ads disguise themselves as "you have a virus, click here to fix" boxes, so I'd have to make sure to make it obviously a part of the site's design (colours, maybe style it as a dialogue bubble belonging to a character of the site with said NPC's name, stuff like that) but I figure this would be more helpful than just dismissing them as someone who can't keep their computer clean.

Niet the Dark Absol
  • 320,036
  • 81
  • 464
  • 592
  • Such as counting the image and/or Flash elements on the page and comparing it to a known value? Sounds tedious. – j08691 May 19 '14 at 14:04
  • You could look into [DOM MutationObserver](http://hacks.mozilla.org/2012/05/dom-mutationobserver-reacting-to-dom-changes-without-killing-browser-performance/), I'm not sure if it's a standard yet, but it is implemented in Google Chrome 18+ and Firefox. I'm also not sure if Google Chrome isolates extension insertions. – Olumide May 24 '14 at 17:53
  • Please check this link http://security.stackexchange.com/questions/56609/js-malware-detection ..It might be helpful – coder Jun 09 '14 at 04:08

1 Answers1

0

Counting images that are standard ad resolutions isn't actually too hard. You just have to loop through document.images checking the resolution as you go. You can skip over your own ad by checking for its unique ID (of course, if it doesn't have an ID you can just skip images of a specific resolution). 

var adID = "myAdId";
//incomplete ad resolution list
var widths = [120, 160];
var heights = [600, 600];
var adCount = 0;
for(i = 0; i < document.images.length; i++){
    for(j = 0; j < widths.length; j++){
        if(document.images[i].width == widths[j] 
            && document.images[i].height == heights[j]
            && document.images[i].id != adID){
            adCount++;
            break;
        }
    }
}
if(adCount > 0){
    notifyUser();
}

Notes:

  • A list of standard ad resolutions can be found on Wikipedia.
  • Tested with in Chrome, Firefox, and IE.
  • Not tested with dynamically-inserted ads, but it should most likely work, especially if you add a delay so the extension can insert its ads first.
Nateowami
  • 1,005
  • 16
  • 23