Study: Auto-redirect attacks cost publishers, marketers $1.13B annually