http://arxiv.org/pdf/1602.07128v1.pdf Conclusions
In this work we reveal a new side to the practice of false
content injection on the Internet. Previously, discussion
on this practice focused on edge ISPs that limit their misdeeds
to the traffic of their customers. However, we discovered
that some network operators inject false content
to the traffic of predetermined websites, regardless of the
users that visit them. Our work leverages the observation
that rogue content injection is done out-of-band. It
can hence be identified while monitoring an edge network
in which the victim clients reside. Our analysis is
based on extensive monitoring of a large amount of Internet
traffic. We reveal 14 groups of content injections
that primarily aim to impose advertisements or even maliciously
compromise the client. Most of the financiallymotivated
false content injection we observed originated
form China. Our analysis found indications that numerous
injections originated from networks operated by
China Telecom and China Unicom – two of the largest
network operators in Asia.