How To Make Malvertisers Pay

by Andrew Reed, on Jul 14, 2022 12:30:00 PM

Whether they are probing your site, hijacking user experiences, or launching full-scale attacks, cybercriminals are always looking for a lucrative payday through malvertising. 

The profit for them represents a significant cost to the ad ecosystem. In 2019, ads that were served via programmatic exchanges were hit by malvertising that cost publishers $325M. In 2018, ad fraud caused digital advertisers to lose $19B, or about 9% of their total spending on digital advertising. Publishers lose about $1.3B a year to malvertising. By the end of 2022, digital ad fraud could cost $44B in lost revenue.

How Malvertising Is Costing You

The real costs of malvertising and ad fraud include various elements, some of which are difficult to track but nonetheless real, while others will directly impact your business. In terms of those softer costs, site experience and customer satisfaction will deteriorate as users are attacked by bad ads and consequently driven away from repeat sessions. This will then lead to lost ad revenue as your site traffic decreases, and having to spend valuable work hours tracking down and removing bad ads.

Bad ads are highly circulated and cleverly disguised. Anyone can fall for them without the right protection. cleanAD is here to provide the right scam protection for publishers, preventing frustration for their end-user.   

-- Article Continues Below -- 

New call-to-action

-- Article Continues Below -- 

How to Protect Yourself and Make Malvertisers Pay

Traditionally, pre-scanning and blocklists have been the main ways to protect publishers and networks from malicious advertisers. But both come with their weaknesses and can end up hurting your ad revenue.

Malware scanning occurs in sandbox environments. Here, malicious code is recognized and automatically rejected. Sandboxing creates a “fake” environment with automated technology that attempts to detect a malicious program before serving an ad to a website's users. It’s a common line of defense for publishers and can stop some malvertising campaigns

Blocklisting is a way to provide “batched” protection against malvertising. Web pages use blocklist tools as a way to identify a known malicious advertisement. These URLs or code snippets are tied to malicious actors and the unwanted ads are not accepted during the bidding process.

As an anti-malvertising solution, blocklisting is activated during the ad selection process, but before the creative renders meaning the bad actors don’t pay for their impression. Thus, no actual negative ROI.

The Weaknesses of Malware Scanning

Prescanning has been around for some time, and the fact that it is a go-to strategy (and common knowledge) means it's well known by bad actors and expert malvertisers have had plenty of time to learn effective workarounds. 

Research indicates that there are now artificial intelligence components to malicious software that can evade prescanning in virtual environments altogether. If malware attacks can leverage AI, malware pre-scanning may not just be insufficient, it could become obsolete.


The Weaknesses of Blocklisting

The issue here lies with the agility and creativity of a criminal advertising network. Cybercriminals are able to quickly and efficiently generate incredible quantities of unwanted ads, and this high rate of production and extensive reach outpace the effectiveness of even the best blocklist tools. 

Also, malicious advertising URLs and snippets that aren’t present on the list of “known bad” offenders will be let through undetected. Additionally, domains can easily be rotated at scale, via automation, making it impossible to maintain an effective list. This means the malicious payload can be deployed as part of an exploit kit and the attacker ultimately gains access to the end-user.

Blocklists can also become stale and lead to large quantities of false positives tied to domains that are no longer malicious or never were. False positives result in lost revenue and extra operational overhead chasing down false leads. 

Blocklists are purely a reactive and ineffective method, with no way to proactively block novel threats. Meaning a blocklist is built by catching a threat and subsequently creating that entry to block it. cleanAD’s behavioral and deterministic approach prevents threats we have never seen without the need to update a blocklist. 

- Article Continues Below -- 

New call-to-action

-- Article Continues Below -- 

Behavioral Analysis for Malware Prevention

Consistency in malicious behavior and creatives are essential to effectively catch bad actors using the traditional pre-scan or blocklisting methods. 

But dangerous ads do not perform the same way in sandbox and user environments, and bad actors cleverly swap URLs, creatives, or methods numerous times to avoid blocklists. 

Modern malware attacks are cunning, quick, and endless, and have learned to adapt their strategies to sneak by traditional forms of protection. 

That’s where clean’s deterministic and behavioral analysis comes in.

clean’s proprietary Threat Mitigation Language (TML) prevents malvertising in real-time, addressing the problem of ad fraud and malvertisers who bypass pre-scanning in a virtual environment or aren’t listed clearly as bad actors on a blocklist. 

Instead of filling in the gaps, behavioral analysis approaches the problem using a completely different paradigm. 

The process is this:

  • Instead of a sandbox environment, behavioral analysis malware protection solutions run on the page, in the browser or app, in real-time.
  • As users are viewing ads, creatives will always be allowed to render.
  • Bad ads are stopped in the act of malicious code deployment and the negative actions are prevented from affecting the user.

This means that malvertisers are paying for ads on your platform even while their malicious creative is blocked.

When the malicious ad runs, the digital property owner still gets paid, even though the malicious code is stopped before ever hijacking the user session. This not only protects your users but creates a financial disincentive from targeting your webpage, as malvertisers still pay to have ads run on your page, but are prevented from earning clicks and drawing users into scams and malware.


cleanAD Behavioral Analysis Malware Protection

Every publisher needs to know how to effectively prevent malvertising and ad fraud. 

Behavioral analysis is how the best websites are future-proofing their user experience and digital engagements. And cleanAD is the solution that started it all. Used by major publishers and deployed on more than 7 million sites, cleanAD has a track record of virtually eliminating malware and malvertising on a website.

We understand that your revenue, brand reputation, and user experience are at stake. That’s why we have the most innovative solutions on the market. Start your free cleanAD trial and learn more here.

New call-to-action

Topics:MalvertisingMalvertising 101Malvertising Solutions

Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates