Is Your Malvertising Prevention Strategy Working?
by Geoff Stupay, on Sep 18, 2020 12:41:49 PM
Every day in the news we see cautionary tales and horror stories of malvertising attacks. eCommerce businesses are especially vulnerable to, and impacted by, cyberattacks like these. The sinister reality of malvertising is that it often isn’t felt in a single hit.
Instead, insufficient anti-malvertising strategies allow a slow and steady infiltration that ultimately hurts the end user with pop-ups or other nuisances. While seemingly benign, the long-term damage of malvertising is high bounce rates and, ultimately, platform abandonment. So, why does the average anti-malvertising strategy not work? Read on or watch the recorded webinar below for insight from Seth Demsey, cofounder of cleanAD.
Seth is the co-founder of cleanAD and was the CTO of the AOL/Verizon ad business and a product and development leader at both Google and Microsoft. His significant grasp of this world will illustrate the agility and strategic changes that must occur for eCommerce businesses to effectively stave off the damage of malvertising.
This discussion covers:
- Bad ads
- Damage to end user
- Points of infiltration
- Ways to find malvertising
- The combinatorial nature of malvertising
- IAB SafeFrames
- How to reduce malvertising
Why Do Our Visitors Still See Bad Ads?
Bad ads are disruptive and damaging. The end result for publishers or ad platforms is damage to reputation, business and partners.
- Reputation: Users get unwanted pop-ups, redirects, or other unexpected ad experiences.
- Business: Loss of revenue could result from being cut off from supply and demand partners or from users abandoning your site. Session-level user engagement is directly impacted by malvertising.
- Partners and distribution: Many publishers are using social media now. If users get served a bad ad on a social platform, they may return to the platform directly and click on “don’t show me this content.” This can stifle a publisher's reach on that social platform.
All of these can severely hurt your organic reach and user engagement.
Many publishers also spend money to drive traffic to their properties. If you are buying traffic and get bad ads, unwanted redirects or malware, users will opt out of the ad or, even worse, provide negative feedback. This has the unintended impact of increasing the CPC cost for the publisher.
Damage to End User
When users feel vulnerable or are attacked on a site, they will not use it. The worst result would be that a user is:
- Exposed to criminals
- Tricked into signing up for services
- Tricked into downloading applications with more malware
- Tricked into downloading crypto mining or proxy server software
All types of ad fraud are interrelated. It’s vital to keep our eyes on the end user. They’re ultimately the buyers and ones who need protection.

Points of Infiltration
Criminals can infiltrate at many points in the ad stack. They may use a DSP to submit attacks or have found a way to compromise an SSP or an ad agency. When they get into the programmatic ecosystem, they often do so through ads that are passing the scanners commonly used by platforms. This is done through the use of a script that can tell when it is in a scanning environment and hides its malicious activity such that it appears legitimate, and therefore is allowed to flow through the ecosystem. It will then deliver a bad action when the real end user is detected.
Ways to Find Malvertising
There are two basic classes of technology used to find malvertising.
- Blacklists: These can see URLs, look at JS fingerprints and create prediction models. They look at adtechs and stop them from rendering. This set of techniques has been the industry standard for a long time. And yet, malvertising problems persist.
- Behavioral analysis technologies: Instead of looking at what is being loaded, this technology looks at what action ads are trying to take. Are they calling types of script? What are they actually doing? This technique detects and stops these behaviors from occurring.
Behavioral analysis technology is gaining traction. A differentiating factor of behavioral analysis is that the bad guys are forced to pay for ad delivery even when the malicious activity is prevented. The ad is rendered, the tracking pixels are fired and the criminals are paying for the bad ad.
If you’re effective at behaviorally stopping bad ads, those cybercriminals who are analyzing ROI will realize that sites that implement this technique are costing them money. The campaigns targeting your website become ROI-negative and many times the bad actors untarget you.
Malvertising is Combinatorial
At cleanAD, seeing malvertising and malware as more than a single ad or payload is mission critical. We have a combinatorial paradigm. This includes analysis of:
- Delivery: What is being delivered?
- Setup: How do you get obfuscated code down to the page?
- Triggers: There are tens of methods to activate the payload once it has reached its destination.
The threat matrix isn’t linear. There are many ways to get a bad ad on a page. There isn’t one tag, one script. Each facet is multiplied and there is an enormous number of potential variants.
From the tens of billions of impressions that cleanAD protects every month, we’ve learned that the half-life of URLs, ads and threats has shrunk. We used to see malicious URLs for weeks at a time. Then daily.
Now, we can observe the same bad ad (landing page, ad tag/creative ideas, javascript URL and actual javascript itself) being obfuscated to avoid hash-based detection. The half-life of these threats gets smaller and smaller. The bad actors do this to avoid the blacklist-based techniques that are most commonly used in the industry.
As this time frame shrinks beneath five minutes, it will take longer to capture these ads to a blacklist. What’s more, the longevity of a blacklist (and its value) will be decreased. This forces us to reframe the problem.
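The gap between blacklist matching and behavioral analysis described above, as an added example that is not code from cleanAD or the original article. The creatives, their script text, the `actions` trace format and the blocking rule are all constructed for illustration.

```javascript
// Added example: exact-hash blocklist vs. a behavioral rule on constructed creatives.
const { createHash } = require('crypto');

const sha256 = (text) => createHash('sha256').update(text).digest('hex');

// Constructed sample creatives. c1 and c2 behave identically, but c2's script
// text was rewritten, so its hash differs. `actions` is a hypothetical trace of
// what each script attempted when rendered.
const creatives = [
  { id: 'c1', script: 'var u="https://landing.example/a";top.location=u;',
    actions: [{ type: 'top-navigation', userGesture: false }] },
  { id: 'c2', script: 'var _x="https://landing.example/a"; top.location = _x ;',
    actions: [{ type: 'top-navigation', userGesture: false }] },
  { id: 'c3', script: 'document.getElementById("ad").textContent="Sale";',
    actions: [{ type: 'dom-write', userGesture: false }] },
  { id: 'c4', script: 'a.onclick=function(){window.open("https://shop.example/")};',
    actions: [{ type: 'popup', userGesture: true }] },
];

// The blocklist only knows the variant that was already captured (c1).
const blocklist = new Set([sha256(creatives[0].script)]);
const blockedByHash = (c) => blocklist.has(sha256(c.script));

// Behavioral rule (assumed policy): navigation or popups are only allowed
// when a user gesture started them, regardless of what the script looks like.
const NEEDS_GESTURE = new Set(['top-navigation', 'popup']);
const blockedByBehavior = (c) =>
  c.actions.some((a) => NEEDS_GESTURE.has(a.type) && !a.userGesture);

// Returns one verdict row per creative for side-by-side comparison.
function compare(list) {
  return list.map((c) => ({
    id: c.id,
    hash: blockedByHash(c),
    behavior: blockedByBehavior(c),
  }));
}

for (const row of compare(creatives)) {
  console.log(`${row.id}  blocklist=${row.hash}  behavioral=${row.behavior}`);
}
```

The rewritten variant (c2) passes the hash blocklist but is still stopped by the behavioral rule, while the benign creatives (c3, c4) pass both.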
IAB SafeFrames
IAB SafeFrames have been a pretty standard protocol for the past few years. This takes a secondary domain (cross-domain iFrame), puts it in a publisher’s content and loads the external content into the cross-domain iFrame. This is an interesting methodology to stop malware and is effective in some cases. For certain types of threats and delivery, it will work.
In other cases, it may not be the most effective method. IAB SafeFrames also tend to have a lot of cross-browser compatibility issues. What it comes down to is that they may do a good job in certain instances, but they won’t provide the protection you need in most others.
There are also major gaps in monetization and recording that make it harder to operate a site with SafeFrames. You may get a worse monetization rate and have a harder time reconciling. In summary, SafeFrames are an interesting but not a full solution to the problem.
Make Malvertising Unprofitable
Malvertising isn’t going to be an issue you solve all at once or by implementing a single process.
There are three key things to consider as you activate better anti-malware solutions:
- Mechanics of our ecosystem
- Motivation of the attacker
- Types of technology that can move us forward
Knowing these and applying the right solutions will reduce lapses and optimize user experience. The goal would be to find a surgical way to reduce these threats, so that management teams can get back to meeting client needs and servicing customers. In short, we at cleanAD and any platform that’s accounting for the future should be working to make malvertising unprofitable.
Ready to upgrade your anti-malvertising or find better solutions? Protect your customers with cleanAD. We understand that your revenue, brand reputation and user experience are at stake. That’s why we have the most innovative solutions on the market. Start your free cleanAD trial to learn more.