Home The Sell Sider It’s Time To Get “Real” About Malvertising

It’s Time To Get “Real” About Malvertising

SHARE:

Alanna ClarkThe Sell-Sider” is a column written by the sell-side of the digital media community.

Alanna Clark is Director of Business Development at AdMeld, a publisher yield optimization company.

Three-day weekends, holiday seasons, a plethora of Q1 inventory. These are all normal signals and events throughout the course of our year but also triggers for more unseemly activities, namely malvertising.

The digital advertising space has always had its share of bad actors. But as the ecosystem has grown in size and complexity, so has the cunning of those who use it to spread malware. Malware puts consumers in danger, wastes the industry’s time, and sucks billions from the world economy. Until recently, speaking openly about these issues was taboo—especially for those companies that didn’t want to risk being branded as ‘malware infested.’ This kind of attitude has led to the perpetuation of two major malware myths:

Myth #1: Dealing with malvertising is the ad networks’ problem.
Ad networks get a bad rap, and though some of them deserve it, the truth is that even premium websites, marketplaces, yield optimizers, DSP’s and exchanges have had to grapple with malware despite their best efforts. Pointing the finger at networks can be satisfying (and sometimes it works), but it only gets us so far.

Myth #2: Your company has NEVER had to deal with malvertising.
Pulleeease. We’ve ALL fallen victim to this at least once (and probably a few times more we never knew about.) From here on in, if anyone tells you they’ve never had a malware-related issue, it’s completely appropriate for you to mutter an incredulous expletive under your breath.

An Ounce of Prevention
Eliminating the malvertising threat starts by taking the right steps in your own organization. Whether the deal is discretionary or direct, here are a few basics that should be on your checklist. (Feel free to contribute more in the comments!)

  1. Vet the Deal Origin
    Use tools like Google’s Investigative Research Engine, to get intelligence on the company providing the creative. You can also use apps like DomainTools’s Domain History search to see if an associated domain or server has a sketchy past.
  2. Account for the Advertiser’s Ad Serving
    In some cases, publishers, yield optimizers, DSPs, and networks are banning third-party creatives and copying them to their local servers to ensure nothing is swapped in on serve time.
  3. Pay Special Attention to Rotating Tags
    If you’re not serving the ads, a new creative/executable/forwarding URL can be rotated in at any time. A tag that runs clean on Friday morning can be a very different beast at 11 AM on Saturday. Ad tag scanning services are important, but so is staying vigilant. Some companies are beginning to ban rotating tags outright, especially when served over Real Time Bidding infrastructures where transparency and advertiser lists are key.
  4. Beware of Prepaid Deals
    While attractive and in most cases innocuous, prepaid deals are a red flag that should cause you to stop and take a much closer look.
  5. Watch for Suspicious Timing
    This means “last minute” deals, branded national deals coming from overseas, etc.
  6. Premium Brands Don’t Always Equal Safety
    Companies like American Express have spent billions developing brands of strength and security. That’s exactly why malvertising perpetrators try to hijack their creative and pose as their agencies.


Employ The Right Tools

Companies such as The Media Trust and ClickFacts have built technology to help scan ad tags/creatives and the like, cross referencing virus databases maintained by the likes of Google, Avast, McAfee and Symantec. Google has created an Anti-Malvertising Team with a site that helps you do background checks on potential partners, get best practices, and more. Yahoo’s Right Media has a homegrown Creative Tester and Spyware/Click-fraud Scanner, and Microsoft has been going after Malvertisers themselves in court.

Get Involved
In a climate of co-opetition and frenemies, working together to stamp out malvertising is a cause we can all agree on. To Google, Yahoo, Microsoft, Pubmatic, Rubicon, and anyone else who’s interested: we hope to work more closely with you on this. Perhaps a good first step would be creating an official list of best practices for ultimate approval by the IAB.

What do you think?

As skilled as any one of us is at dealing with malvertising, I think we’d all rather live in a world where we never have to. Working together is the fastest way to get there.

Follow AdMeld (@AdMeld) and AdExchanger.com (@adexchanger) on Twitter.

Must Read

Intent IQ Has Patents For Ad Tech’s Most Basic Functions – And It’s Not Afraid To Use Them

An unusual dilemma has programmatic vendors and ad tech platforms worried about a flurry of potential patent infringement suits.

TikTok Video For Open Web Publishers? Outbrain Built It.

Outbrain is trying to shed its chumbox rep by bringing social media-style vertical video to mobile publishers on the open web.

Billups Launches Attention Measurement For Out-Of-Home

Billups, a managed services agency that specializes in OOH, is making its attention measurement solution and a related analytics dashboard available for general use.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
US District Court for the Eastern District of Virginia, Alexandria

The Google Ad Tech Antitrust Case Is Over – And Here’s What’s Happening Next

Just three weeks after it began, the Google ad tech antitrust trial in Virginia is over. The court will now take a nearly two-month break before reconvening for closing arguments right before Thanksgiving.

Jounce Media's Chris Kane at Programmatic IO NY on Sept. 25, 2024.

The Bidstream Is A Duplicative, Chaotic Mess – But It Doesn’t Have To Be That Way

Publishers are initiating more and more auctions – but doesn’t mean DSPs are listening to more bids, according to Chris Kane.

Readers Are Flocking To Political News, Says WaPo – And Advertisers Are Missing Out

During certain periods this year, advertisers blocked more than 40% of The Washington Post’s inventory over brand safety concerns.