My approach is fairly simplistic right now (hooks into Chrome's extension installation and disables a blacklisted extension as soon as it's installed, updated, or recognized after a database update), but as I'm digging more into these nasty extensions, I'm seeing some patterns in the DOM injection that I'm also going to watch for separately. So, while an extension block list will catch the dumb extension owners or those who sell to adware companies, the more sophisticated analysis of the DOM and watching for script/load requests to certain domains should at least alert the user to the presence of certain adware (even if I can't track down exactly which extension may be causing it).

But I need your help! The database of malware extensions and malware-peddling domains that powers this whole thing lives over at https://github.com/extensionwatch/database. I need you all to help me fill in the current crop of evil extensions and adware dispensing domains. The database will live in this repository, be built using a Rake task, and deployed to users of the extension. The idea is to have a completely open and collaborative repository of this stuff to alleviate a lot of the (justified) "who's watching the watchers" paranoia.

Anyhow, feel free to file issues on either of those repositories to start discussions. I'll be around the comments this afternoon, too, and I'm also available via e-mail at my HN username at gmail.