What is Malvertising? (And what can you do about it)
by Matt Gillis, on May 18, 2020 4:01:00 PM
Forbes. New York Times. BBC. The Onion. NFL.
What do all of these web publishers have in common?
If you guessed that they’ve all been victims of malvertising, you would be correct.
Malicious advertising, or malvertising, is a growing challenge for digital publishers. Fraudsters traffic malicious ads through trustworthy advertising sources to steal private information or even compromise your device.
In addition to causing severe damage to a publisher’s credibility, malvertising robs publishers of ad revenue, as well as exposes their users to harmful malware. As a result of malvertising, publishers can lose between 60-80% of a user’s time spent on-site.
As technology continues to evolve, it’s difficult for advertising personnel to keep up with the digital landscape and the growing sophistication of malvertising threats.
-- Article Continues Below --
Common Forms of Malvertising
Malvertising can be hard for an untrained eye to identify. They mimic the appearance of traditionally trustworthy advertisements, enticing site visitors to click before they realize the malicious intent. Therefore, cutting short a user’s engagement with their brand.
1. Pop-Up Advertisements
A popular mechanism for bad actors includes pop-ups that disrupt the visitor’s browsing experience with the goal of getting the visitor to click on it and download harmful malware onto their personal device. The prompts can range from false updates to browsers or software programs, or the promise of free items on the other side of the ad.
Related Article: Decoding the Malicious Behavior of Bad Actors in Malvertising
2. Sponsored Advertisements
In this day and age, site visitors are no strangers to sponsored advertisements. Whether a banner ad at the top of a website or paid ads breaking up the text in online articles, nobody is surprised by its presence.
What may surprise people is that those advertisements are another common mechanism for fraudsters to deliver malicious ads. While less obnoxious in generating clicks than disruptive pop-ups, their familiar appearance makes it easy to expose users to malicious intent.
Read the Case Study
How cleanAD Completely Eliminated Malicious Redirects, Freeing up 60 Hours of AdOps Efforts per Week, for Venatus Media
3. Forced Redirects
In some instances, fraudsters don’t even give visitors the option to click. They release infected ads that automatically redirect visitors from the page they’re on, to pages laced with malware. This type of malvertising is especially dangerous to publishers because when visitors are automatically redirected to a new page or site because of a malicious ad, it doesn’t count as a revenue-generating event. Not only does this impact ad revenue, but it also disrupts the user’s experience and can result in lost loyal customers.
Get the eBook: Choosing A Future-Proofed Anti-Malvertising Solution
What You Can Do About Malvertising
Digital ad fraud is an enormous business that impacts the user experience, brand reputation, and ad revenue of web publishers of all sizes. Because of the prominence of the issue, there are a variety of malvertising detection and prevention solutions on the market.
Malvertising protection solutions can be divided into three primary categories: static, dynamic, and behavioral
1. Static Anti-Malvertising Solution
When ad fraud first surfaced, static anti-malvertising solutions were the first to try and tackle the problem. Most commonly executed via offline scanning – static analysis involved an advertiser registering creative for a campaign, getting the creative scanned in an offline environment, and then the creative was either blocked or passed onto the live site.
Because static analysis doesn’t work in real-time, bad actors can easily adjust to work around the solution, triggering the need for dynamic solutions.
Read the Guide
Malvertising: What You Need to Know to Prevent It
Malvertising prevention is essential for any publisher with an expansive online presence, and shoring up your lines of defense is a worthwhile investment.
2. Dynamic Anti-Malvertising Solution
The O.G. of dynamic malvertising prevention, block-listing, is when the code embedded in a digital ad is checked against a list of known dangerous elements found in previous malvertising instances. If malicious elements are identified, the ads are blocked.
While effective to an extent, blocklists are only as useful as it’s comprehensiveness. This makes it a time-intensive solution that is prone to manual error and difficult to maintain. Bad actors committing fraud have learned to evade detection by disguising or frequently changing block-listed characteristics, a dynamic evasion of static fraud detection.
3. Behavioral Anti-Malvertising Solution
The most sophisticated anti-malvertising solution uses advanced behavioral analytics to identify and prevent ad fraud in real-time. A behavioral approach analyzes the actual behaviors of an ad in order to understand if it intends to execute a malicious payload.
With this approach, fraudulent ads are delivered to the live website but are prohibited from delivering a malicious payload – protecting both advertising revenues and the user experience.
It is impossible for even sophisticated fraudsters to circumvent a behavior-based fraud solution because the solution is monitoring the ad’s behavior as it is being delivered on a live site. This ensures that fraudulent activity is prevented. Revenue continues to be delivered to the publisher or platform, without any funds or information redirected to the bad actors. By making their fraudulent activities unprofitable, the bad guys will learn to leave your website alone and seek out easier targets with less sophisticated anti-malvertising solutions.
Malicious ads are proving to be more sophisticated as the digital landscape evolves, requiring more sophisticated solutions to protect publishers’ revenue and reputation. Make the most of your ad investment and minimize the impact and profitability of malicious ads with a unique anti-malvertising solution based on behavioral analysis with cleanAD.