Comments on: Malicious Ads getting More Attention — People Still Clueless

By: Infecting the Ad Pool - Tim Howgego

Infecting the Ad Pool - Tim Howgego — Sat, 12 Jul 2008 21:29:30 +0000

[...] Malicious Ads getting More Attention — People Still Clueless – Common misunderstandings. Tim Howgego, 12th July 2008. Related topics: Advertising, El, Malvertising, Uncategorized. [...]

By: Jeremy

Jeremy — Fri, 30 Nov 2007 21:23:07 +0000

Mike,

I am glad you were as upset as I was with that article, the next big thing they are doing is rotating the ads via iframes, so you can’t catch them as easily since they are making the ad decision at the backend and you never see the correct creative until its already hit the sites and you have the complaints.

Ad Operations is a thankless job and that E-week story implied that we didn’t even know about these things until now.. How lame

By: Frank

Frank — Mon, 26 Nov 2007 04:57:27 +0000

I agree with you and Rob! The only way this problem can be fully annihilated is with a system that allows for only a pre-approved set of third party servers.

By: Mike

Mike — Sun, 25 Nov 2007 20:42:36 +0000

Hi Frank,

First off — the auditing team would have to extract and analyze the actionscript of every creative. 99% of all flash files have totally innocuous and standard actionscript — easily identified by a normal person with a tiny bit of training. The other 1% would then pass through further inspection — For creatives that rely on third party servers, certain could be “certified” (eg pointroll for rich-media), and all other creatives would be thrown out.

Because the flash will be hosted by the repository, there will be no way of altering the action-script and if only approved third party servers are allowed then no malicious ads should be able to sneak in.

-Mike

By: Frank

Frank — Sun, 25 Nov 2007 08:23:30 +0000

This problem might me more difficult than the ordinary eye can see. Meaning what prevents these dubious people from tweaking the action scripts to do something else right after it has been certified by this central body?
For example one can instruct the script to provoke a legitimate action from a 3rd party server(which the central body will ok) and then change that action to something else after the creative has been approved.

By: Rob Leathern

Rob Leathern — Sun, 25 Nov 2007 06:03:12 +0000

I have overseen the review of thousands of ads using Right Media’s system, with daily incremental reviews. The problem is, though, if you’re daisy-chaining with various ad networks and are accepting third-party tags, other creative can be swapped in … and in fact we sometimes found that in the evenings some of the “safe” ads we saw got switched for non-family safe adult ads. Of course, spyware-launchers and other types of ads showed up less frequently after all our precautions, but they were still not 100% eradicated. I agree the industry needs to do more to set some standards here if it display is to continue to grow and improve.

By: B. Nones

B. Nones — Fri, 23 Nov 2007 04:30:54 +0000

Strange that you mention this, as we’re about to launch what could very likely be a safe repository of malware-free ads: http://www.brandjury.com

Mike, email me if you get a chance. I’ve not been able to find a way to get in contact with you, and didn’t know how often you checked this blog.

By: Sandi

Sandi — Thu, 22 Nov 2007 23:21:01 +0000

) Do I sense a little frustration in your post? I’ve been saying pretty much the same thing:

http://msmvps.com/blogs/spywaresucks/archive/2007/11/07/1285567.aspx

The problem isn’t new, but what is new is the big name sites that have been hit. In the past the problem has been most prevalent on small sites that use cheap advertising.

In the past couple of weeks I’ve worked on outbreaks that have hit ok-magazine, allmusic.com, the Sensis network (that was a biggy) and tonight I have received word that National Geographic has been hit. Then there are the outbreaks that I haven’t had personal experience with that I heard of that have allegedly hit The Economist, Groups MSN and a couple of other big names.

It’s getting to the stage where the industry as a whole will have no choice but to make the changes that you suggest – it is that or audit every single advertisement that comes through – it’ll be cheaper and easier to follow your actionscript suggestion.

Note, I haven’t caught a redirect at National Geographic yet, but it’s only a matter of time.

By: Ben

Ben — Thu, 22 Nov 2007 20:15:21 +0000

Mike,

I believe that admonsters has an ongoing project to institute something like a Safe creative repository that you have mentioned. You can see it at

http://www.admonsters.org/archives/2007/10/96
Http://onlinecreativeportal.com

In addition there has been talk in the IAB about such a thing coming from that body

The key will be to have the agencies and advertisers fully buy in. The publishing communities will be able to reap the benefits of such a system almost immediately, but the workflow for the agencies will have to change and it is diffacult for the publishers to “not” accept creative directly.

There is also a need for a notification system that notifies all parties when creatives are switched out behind third party tags. Much of the malware conundrum is a result of creative that was changed mid-flight behind a tag.