How to Remove Malvertising: 3 Options for Combating Malvertising

by Kathleen Booth, on Nov 23, 2020 9:00:00 AM

Malvertising is enemy number one for ecommerce platforms. Hacking, redirects or spam cause serious damage to the user experience and, by extension, the brand's reputation. In the media and publishing business, trust is everything. When your users don't trust your site or have a poor experience, that inevitably translates into decreased revenue.

To avoid this slippery slope, publishers and advertising platforms need a proactive plan to combat malvertising. While it’s ideal to prevent it entirely, no site is impenetrable.

When a breach happens, you can mitigate the threat by using one of these three strategies for removing malvertising:

  1. Scanners
  2. Blocklists
  3. Behavioral Analysis

1. Malware Scanning

Traditionally, pre-scanning has been one of the main ways to get rid of a malicious ad or ad network on a website.

The goal of the malware pre-scan is to identify malware before an ad goes live and is served to website visitors. When it works, bad ads are neutralized before they ever reach the end-user. 

Malware scanning occurs in sandbox environments. Here, malicious code is recognized and automatically rejected. Sandboxing creates a “fake” environment with automated technology that attempts to detect a malicious program before serving an ad to a website's users. It’s a common line of defense for publishers and can stop some malvertising campaigns. 

The Weaknesses of Malware Scanning

The problem is that pre-scanning has been around for some time. Because it is a go-to strategy and common knowledge, it is well known to bad actors, and expert malvertisers have had plenty of time to learn effective workarounds.

Research indicates that there are now artificial intelligence components to malicious software that can evade pre-scanning in virtual environments altogether. If malware attacks can leverage AI, malware pre-scanning may not just be insufficient; it could become obsolete.

2. Blocklisting Malvertising

Blocklisting is a way to provide “batched” protection against malvertising. It works on any web browser (Internet Explorer, Google Chrome, etc.). Web pages use blocklist tools to identify known malicious advertisements. The blocklist holds URLs or code snippets tied to malicious actors, and ads that match them are not accepted during the bidding process.

As an anti-malvertising solution, blocklisting is activated during the ad selection process, before the creative renders and before the bad actor pays for their impression.

Malicious advertising, domains, URLs and snippets that aren’t present on the list of “known bad” offenders will be let through undetected. This means the malicious payload can be deployed as part of an exploit kit and the attacker ultimately gains access to the end-user.

The Weaknesses of Blocklisting

The landscape of malvertising, and the people who perpetrate it, is constantly evolving. It may be obvious to even a casual observer that a lengthy list of known bad ads is hard to maintain and impossible to keep current or comprehensive.

Of course, any known bad ad should be blocked. The issue lies with the agility and creativity of a criminal advertising network. Cybercriminals are able to quickly and efficiently generate incredible quantities of unwanted ads, and this high rate of production and extensive reach outpace the effectiveness of even the best blocklist tools.

Bad Ads: The Impact

Malware scanning and blocklisting are widely used by online publishers and platforms, but are nevertheless fraught with issues.

Bad ads on any platform or website erode end-user trust and negatively impact user experience.

Here are some additional issues that arise when pre-scans and/or blocklisting are the only tools used for malvertising prevention:

  • False positives and false negatives: Both of these processes have the side effect of mislabeling ads. Good ads may not get through and bad ads may slip by. When good ads aren’t served, advertising revenue is lost. When bad ads are served, the end-user is negatively impacted with a malware infection and/or poor user experience.
  • Catch limited types of malware: Both pre-scanning and blocklisting only catch certain types of malware or malvertising attacks. Pre-scanning is easily worked around by cybercriminals with fingerprinting. When the ad's code detects a sandbox environment, it displays only a safe version of the ad. This allows the malicious creative to bypass pre-scanning altogether. Blocklisting, for its part, can't catch novel attacks, meaning that any new kind of code, or any bad actor not on the list, can easily get past the checkpoint.

In many ways, pre-scanning and blocklisting have been sufficient, but it’s clear that as cyberattacks escalate both in frequency and sophistication, these methods aren’t enough to handle future malware issues.

The real money for publishers and platforms is in the last method for combating malvertising, and it truly provides the most effective and comprehensive protection.

3. Behavioral Analysis for Malware Prevention

Ads no longer perform the same way in a sandbox and in a user environment, nor do bad actors reuse the same URLs, creative or methods. Yet consistency in performance and creative is essential for catching bad actors with the traditional pre-scan or blocklisting methods.

Instead, malware attacks are cunning, quick and endless. That’s where behavioral analysis comes in.

This revolutionary method can catch malvertising in real time, addressing the real problem of malvertisers who bypass pre-scanning in a virtual environment or aren’t listed clearly as bad actors on a blocklist. 

Instead of filling in the gaps, behavioral analysis approaches the problem using a completely different paradigm. 

The process is this:

  • Instead of a sandbox environment, behavioral analysis malware protection solutions run on the page, in the browser or app, in real time.
  • As users are viewing ads, creative will always be allowed to render.
  • Bad ads are stopped in the act of malicious code deployment and the negative actions are prevented from affecting the user.

Simply put: this is a game changer for publishers and platforms because it means that malvertisers are paying for ads on your platform even while their malicious creative is blocked.

When the malicious ad runs, the digital property owner still gets paid, even though the bad ad is stopped before ever getting to the user. There is absolute certainty that the ad was, indeed, bad, which eliminates the issue of false positives or negatives.
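A simplified model of that on-page approach, as an added example and not cleanAD's code or anything from the original article: it wraps the browser's `window.open` and consults `navigator.userActivation.isActive`, so a pop-up opened without a user gesture is blocked and reported while the creative itself keeps rendering. `installPopupGuard`, `makeMockWindow`, `demo` and the `.example` URLs are hypothetical names constructed for this illustration.

```javascript
// Added example: a simplified behavioral guard, not cleanAD's implementation.
// Runs on the page: the creative renders normally, and only the unwanted
// action (a pop-up opened with no user gesture) is stopped and reported.
function installPopupGuard(win, report) {
  const originalOpen = win.open;
  win.open = function guardedOpen(url, ...rest) {
    // navigator.userActivation.isActive is true only while a recent click,
    // tap or key press by the user is still in effect.
    const gesture = Boolean(win.navigator?.userActivation?.isActive);
    if (!gesture) {
      report({ action: "blocked", url: String(url) });
      return null; // what window.open returns when a pop-up is blocked
    }
    report({ action: "allowed", url: String(url) });
    return originalOpen.call(win, url, ...rest);
  };
  return () => { win.open = originalOpen; }; // call to uninstall the guard
}

// Constructed stand-in for an ad frame's window so the example runs in Node.
function makeMockWindow() {
  const opened = [];
  return {
    opened,
    navigator: { userActivation: { isActive: false } },
    open(url) { opened.push(String(url)); return { closed: false }; },
  };
}

function demo() {
  const win = makeMockWindow();
  const events = [];
  const uninstall = installPopupGuard(win, (e) => events.push(e));
  win.open("https://redirect.example/landing");   // script-initiated: blocked
  win.navigator.userActivation.isActive = true;   // simulate the user clicking
  win.open("https://advertiser.example/product"); // user-initiated: allowed
  uninstall();
  return { opened: win.opened, events };
}

console.log(demo());
```

In a browser the guard would be installed on the ad frame's `window`; top-level redirects need a separate control, because `window.location` cannot be wrapped this way.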

cleanAD Behavioral Analysis Malware Protection

Every publisher needs to know how to effectively prevent malvertising.

Behavioral analysis is how the best websites are future-proofing their user experience and digital engagements. And cleanAD is the solution that started it all. Used by major publishers and deployed on more than 7 million sites, cleanAD has a track record of virtually eliminating malware and malvertising on a website.
