Google published (PDF document) the results of a one-year study on the Unwanted Software industry last week detailing how networks and their products operate.
Unwanted software refers to programs that users don't really need or want, but that get installed anyway on user systems.
Google classifies these programs into the following five groups: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands.
If you look closer at those five groups, you may compress them further into two. The first, comprised of ad injectors and browser settings hijackers, modifies programs a user uses, web browsers mostly, to earn revenue from injected display ads or modified search engine settings.
The second group, system utilities, anti-virus and major brands, is all about affiliate revenue. Companies pay affiliates for installs of their programs, and publishers that are part of the unwanted software industry take advantage of that by pushing these installs.
Companies mentioned explicitly in the study are AVG, LavaSoft, Comodo, Opera and Skype. While most are not involved directly, the study suggests that Opera Software interacts directly with pay per install operators (while most interact with affiliates that interact with pay per install operators).
We observe a small number of major software brands including Opera, Skype, and browser toolbars distributed via PPI. Based on the affiliate codes embedded in the download URLs for Opera, it appears that Opera directly interacts with PPI operators to purchase installs rather than relying on intermediate affiliates.
Offers by the four largest pay per install companies -- Amonetize, OpenCandy, InstallMonetizer and Outbrowse -- fly partly under the radar when it comes to being flagged by antivirus software. Between 68% (Amonetize) and 20% (OpenCandy) of offers were flagged by at least one antivirus engine on Virustotal on average over the course of the study.
Networks provide advertisers with a toolset that checks for installed antivirus and security solutions prior to presenting offers.
It consists of a blacklist of Registry keys and strings, and file paths that prevents offers from being displayed if blacklisted items are discovered on the computer. Apart from antivirus solutions, these blacklists may also contain information about virtualization software.
Google discovered information about the lucrativeness of the market. Successful installs bring the publisher between $1.50 and $0.02 per install. This depends solely on the region the installation is recorded in.
Generally speaking, North-America, Europe (West) and Australia are the most lucrative markets for pay per install campaigns.
Two of the five unwanted software groups affect Google's bottom line directly. The company loses revenue from ad injections and from search hijackers. The same can be set for other companies that develop web browsers but only to a degree. Mozilla is paid for driving search traffic to partner search engines.
It would be unfair to limit Google's motivation to deal with the distribution of unwanted software to that though. There is support requests that need to be taken into consideration, user perception of browsers or search engines.
If you like our content, and would like to help, please consider making a contribution: