Home The Sell Sider It’s Time To Get “Real” About Malvertising
OPINION: The Sell Sider

It’s Time To Get “Real” About Malvertising

By Ad Traders

SHARE:

Alanna ClarkThe Sell-Sider” is a column written by the sell-side of the digital media community.

Alanna Clark is Director of Business Development at AdMeld, a publisher yield optimization company.

Three-day weekends, holiday seasons, a plethora of Q1 inventory. These are all normal signals and events throughout the course of our year but also triggers for more unseemly activities, namely malvertising.

The digital advertising space has always had its share of bad actors. But as the ecosystem has grown in size and complexity, so has the cunning of those who use it to spread malware. Malware puts consumers in danger, wastes the industry’s time, and sucks billions from the world economy. Until recently, speaking openly about these issues was taboo—especially for those companies that didn’t want to risk being branded as ‘malware infested.’ This kind of attitude has led to the perpetuation of two major malware myths:

Myth #1: Dealing with malvertising is the ad networks’ problem.
Ad networks get a bad rap, and though some of them deserve it, the truth is that even premium websites, marketplaces, yield optimizers, DSP’s and exchanges have had to grapple with malware despite their best efforts. Pointing the finger at networks can be satisfying (and sometimes it works), but it only gets us so far.

Myth #2: Your company has NEVER had to deal with malvertising.
Pulleeease. We’ve ALL fallen victim to this at least once (and probably a few times more we never knew about.) From here on in, if anyone tells you they’ve never had a malware-related issue, it’s completely appropriate for you to mutter an incredulous expletive under your breath.

An Ounce of Prevention
Eliminating the malvertising threat starts by taking the right steps in your own organization. Whether the deal is discretionary or direct, here are a few basics that should be on your checklist. (Feel free to contribute more in the comments!)

  1. Vet the Deal Origin
    Use tools like Google’s Investigative Research Engine, to get intelligence on the company providing the creative. You can also use apps like DomainTools’s Domain History search to see if an associated domain or server has a sketchy past.
  2. Account for the Advertiser’s Ad Serving
    In some cases, publishers, yield optimizers, DSPs, and networks are banning third-party creatives and copying them to their local servers to ensure nothing is swapped in on serve time.
  3. Pay Special Attention to Rotating Tags
    If you’re not serving the ads, a new creative/executable/forwarding URL can be rotated in at any time. A tag that runs clean on Friday morning can be a very different beast at 11 AM on Saturday. Ad tag scanning services are important, but so is staying vigilant. Some companies are beginning to ban rotating tags outright, especially when served over Real Time Bidding infrastructures where transparency and advertiser lists are key.
  4. Beware of Prepaid Deals
    While attractive and in most cases innocuous, prepaid deals are a red flag that should cause you to stop and take a much closer look.
  5. Watch for Suspicious Timing
    This means “last minute” deals, branded national deals coming from overseas, etc.
  6. Premium Brands Don’t Always Equal Safety
    Companies like American Express have spent billions developing brands of strength and security. That’s exactly why malvertising perpetrators try to hijack their creative and pose as their agencies.


Employ The Right Tools
Companies such as The Media Trust and ClickFacts have built technology to help scan ad tags/creatives and the like, cross referencing virus databases maintained by the likes of Google, Avast, McAfee and Symantec. Google has created an Anti-Malvertising Team with a site that helps you do background checks on potential partners, get best practices, and more. Yahoo’s Right Media has a homegrown Creative Tester and Spyware/Click-fraud Scanner, and Microsoft has been going after Malvertisers themselves in court.

Get Involved
In a climate of co-opetition and frenemies, working together to stamp out malvertising is a cause we can all agree on. To Google, Yahoo, Microsoft, Pubmatic, Rubicon, and anyone else who’s interested: we hope to work more closely with you on this. Perhaps a good first step would be creating an official list of best practices for ultimate approval by the IAB.

What do you think?

As skilled as any one of us is at dealing with malvertising, I think we’d all rather live in a world where we never have to. Working together is the fastest way to get there.

Follow AdMeld (@AdMeld) and AdExchanger.com (@adexchanger) on Twitter.

Must Read

PODCAST: The Big Story

The Big Story: Live From CES 2026

Agents, streamers and robots, oh my! Live from the C-Space campus at the Aria Casino in Las Vegas, our team breaks down the most interesting ad tech trends we saw at CES this year.

Monopoly Man looks on at the DOJ vs. Google ad tech antitrust trial (comic).
antitrust

2025: The Year Google Lost In Court And Won Anyway

From afar, it looks like Google had a rough year in antitrust court. But zoom in a bit and it becomes clear that the past year went about as well as Google could have hoped for.

Measurement

Why 2025 Marked The End Of The Data Clean Room Era

A few years ago, “data clean rooms” were all the ad tech trades could talk about. Fast-forward to 2026, and maybe advertisers don’t need to know what a data clean room is after all.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Publishers

The AI Search Reckoning Is Dismantling Open Web Traffic – And Publishers May Never Recover

Publishers have been losing 20%, 30% and in some cases even as much as 90% of their traffic and revenue over the past year due to the rise of zero-click AI search.

CES 2026

No Waiting for May – CES Is Where The TV Upfront Season Starts 

If any single event can be considered the jumping-off point for TV upfronts, it’s the Consumer Electronics Showcase (CES), which kicks off this week in Las Vegas, Nevada.

Comic: This Is Our Year
Comic

Comic: This Is Our Year

It’s been 15 years since this comic first ran in January 2011, and there’s something both quaint and timeless about it. Here’s to more (and more) transparency in 2026, and happy New Year!

Popular

  1. CTV

    Interactive CTV Ads Were Mostly Talk – Until Now

    For years, interactive CTV advertising was the star of industry demos – promising, flashy and mostly theoretical. In 2025, they finally made the leap from proof of concept to practice.

  2. agentic AI

    AI Agents Are Taking Over NBCU’s Linear TV Buys

    NBCU is testing agentic systems that can automatically activate campaigns across its entire portfolio – including live sports on linear.

  3. CTV

    Amazon Ads Shares Interactive Video Best Practices At CES 2026

    Maggie Zhang from Amazon Ads talks interactive video strategy, including opportunities on Amazon Prime Video and which genres drive the most engagement.

  4. Measurement

    Why 2025 Marked The End Of The Data Clean Room Era

    A few years ago, “data clean rooms” were all the ad tech trades could talk about. Fast-forward to 2026, and maybe advertisers don’t need to know what a data clean room is after all.

  5. Daily News Roundup

    Who Would Grab The Live Wire?; AI, AI Everywhere

    Off Ramp Publicis signed a deal to license LiveRamp’s RampID and Authenticated Traffic Solutions (its alternative IDs to third-party cookies) on behalf of clients. This alone is hardly major news. After all, LiveRamp sells its cookieless identity products to all the major holdcos.  But Ad Age also reports that Publicis execs were “exploring” the idea […]