Mitigation of deceptive advertisements

What is claimed is: 1. A computing apparatus, comprising: a processor and a memory; instructions encoded within the memory to instruct the processor to: identify a downloaded file on a local file system; inspect a metadata object associated with the downloaded file within the local file system; parse the metadata object to extract an advertiser identification string from a GET code portion of a uniform resource locator (URL) from which the downloaded file was downloaded, wherein the advertiser identification string identifies a third-party advertiser different from a vendor of the downloaded file; query a reputation cache for a reputation for the third-party advertiser based at least in part on the advertiser identification string; receive a deceptive reputation for the third-party advertiser in response to querying the reputation cache; and take a remedial action against the downloaded file in response to receiving the deceptive reputation. 2. The computing apparatus of claim 1 , wherein the metadata object comprises a Microsoft New Technology File System (NTFS) alternative data stream (ADS). 3. The computing apparatus of claim 2 , wherein the ADS comprises a Zone.Identifier data stream. 4. The computing apparatus of claim 1 , wherein an advertiser identification string comprises a partner or referrer identifier. 5. The computing apparatus of claim 1 , wherein the advertiser identification string comprises an advertising campaign identifier. 6. The computing apparatus of claim 1 , wherein the advertiser identification string comprises a union of a partner or referrer identifier and an advertising campaign identifier string. 7. The computing apparatus of claim 1 , wherein the reputation cache is a local cache. 8. The computing apparatus of claim 1 , wherein the reputation cache is a remote global or enterprise cache. 9. The computing apparatus of claim 8 , wherein the instructions are further to cache the reputation locally. 10. One or more tangible, non-transitory computer-readable storage media having stored thereon executable instructions to: detect a user interaction with a downloaded file system object on a local file system, wherein the downloaded file system object was previously downloaded; inspect a metadata object associated with the downloaded file system object within the local file system; parse the metadata object to extract an identification string that uniquely identifies a third-party advertiser as having referred the downloaded file system object for download from a vendor different from the third-party advertiser; receive from a reputation cache a reputation for the third-party advertiser in response to querying the reputation cache based at least in part on the identification string; and act on the reputation. 11. The one or more tangible, non-transitory computer-readable storage media of claim 10 , wherein the user interaction comprises executing the downloaded file system object as an installer. 12. The one or more tangible, non-transitory computer-readable storage media of claim 10 , wherein the reputation is a reputation for deceptivity. 13. The one or more tangible, non-transitory computer-readable storage media of claim 10 , wherein acting on the reputation comprises blocking execution of the downloaded file system object if the third-party advertiser has a reputation for being deceptive. 14. The one or more tangible, non-transitory computer-readable storage media of claim 10 , wherein acting on the reputation comprises removing the downloaded file system object if the third-party advertiser has a reputation for being deceptive. 15. The one or more tangible, non-transitory computer-readable storage media of claim 10 , wherein the metadata object comprises a Microsoft New Technology File System (NTFS) alternative data stream (ADS). 16. The one or more tangible, non-transitory computer-readable storage media of claim 15 , wherein the ADS comprises a Zone.Identifier data stream. 17. The one or more tangible, non-transitory computer-readable storage media of claim 16 , wherein acting on the reputation comprises altering the Zone.Identifier data stream to remove the identification string if the third-party advertiser has a reputation for being deceptive. 18. A computer-implemented method of scanning a downloaded file on a device-local file system, comprising: extracting, from a metadata object associated with the downloaded file on the device-local file system, data that identify a third-party advertiser that provided the downloaded file, wherein the third-party advertiser is different from a vendor of the downloaded file; querying a remote reputation service or a device-local reputation cache for a reputation of the third-party advertiser based at least in part on the extracted data; receiving a reputation that the third-party advertiser engages in deceptive advertising practices in response to querying the remote reputation; and taking remedial action against the downloaded file in response to receiving the reputation. 19. The method of claim 18 , wherein the metadata object comprises a Microsoft New Technology File System (NTFS) alternative data stream (ADS). 20. The method of claim 19 , wherein the ADS comprises a Zone.Identifier data stream.