Malvertising rise pushes ad industry to action
But when the user clicks on the pop-up to take action, she is prompted to change her settings to allow installation of a third-party app -- delivered outside of the protected walled garden of Google Play -- so that the malware payload can be delivered undetected. Because these "scareware" messages look like they were generated by the operating system, they're very effective, Botezatu says.
Malvertising could also cost the online advertising industry, and web publishers that depend on it, in other ways that are even more difficult to measure. "These threats are undermining the integrity of the interactive advertising ecosystem," says Spiezle. Users cite a lack of trust in the safety of online advertising as one reason for using ad blocking software, even though the use of such software eliminates all ads -- good or bad -- along with the primary revenue source for many web publishers. "Blocking all ads and scripts will most likely keep the user safe," but would reduce revenue for web publishers, Spiezle says.
One Blue Coat Systems client, which Larsen will describe only as a Fortune 500 company, recently decided to block all ad traffic for tens of thousands of its employees. "They were concerned about malware coming in from this vector and not being able to stop it," he says.
Fixing the problem
Spiezle wants to see changes in the process for vetting online advertising. "If we don't do this we'll see increased use of [ad] blockers, calls for regulation and potential lawsuits for failure to take steps to help protect users from harm," he says.
"I agree absolutely," says Sullivan. Today, a well-managed ad network that knows every one of its affiliated sites and monitors them constantly may still sell its excess inventory to a secondary ad network that doesn't operate at the same level.
And there's no consistent mechanism by which to grade all of the players in the market and no visibility as to which players have good practices in place and which do not, Sullivan says. For example, one network might be using ad verification technologies to bolster security while another uses nothing at all. That led IAB president Randall Rothenberg, in a recent opinion column, to declare that "the digital advertising industry must stop having unprotected sex."
"If all of the networks in a trustworthy supply chain operated [to the same standard], we wouldn't have the problem at scale that we have today," Sullivan says. "In an opaque marketplace the inventory for a company that doesn't follow best practices sits side-by-side with a company that does -- and they're treated equally."
The IAB's five-year plan, which includes quality assurance guidelines and the establishment of a "Traffic of Good Intent" task force, isn't fully developed yet, and many details have yet to emerge.
Nonetheless, Spiezle says he's encouraged, although he'd like to see the IAB open up the process to all affected parties. "An effective solution needs to include a multi-stakeholder approach including the advertising community, ad networks, publishers and the security community. We look forward to working with the IAB and others towards this goal."
Read more about Privacy in Computerworld's Privacy Topic Center.