Malvertising rise pushes ad industry to action
But when the user clicks on the pop-up to take action, she is prompted to change her settings to allow installation of a third-party app -- delivered outside of the protected walled garden of Google Play -- so that the malware payload can be delivered undetected. Because these "scareware" messages look like they were generated by the operating system, they're very effective, Botezatu says.
Malvertising could also cost the online advertising industry, and web publishers that depend on it, in other ways that are even more difficult to measure. "These threats are undermining the integrity of the interactive advertising ecosystem," says Spiezle. Users cite a lack of trust in the safety of online advertising as one reason for using ad blocking software, even though the use of such software eliminates all ads -- good or bad -- along with the primary revenue source for many web publishers. "Blocking all ads and scripts will most likely keep the user safe," but would reduce revenue for web publishers, Spiezle says.
One Blue Coat Systems client, which Larsen will describe only as a Fortune 500 company, recently decided to block all ad traffic for tens of thousands of its employees. "They were concerned about malware coming in from this vector and not being able to stop it," he says.
Fixing the problem
Spiezle wants to see changes in the process for vetting online advertising. "If we don't do this we'll see increased use of [ad] blockers, calls for regulation and potential lawsuits for failure to take steps to help protect users from harm," he says.
"I agree absolutely," says Sullivan. Today, a well-managed ad network that knows every one of its affiliated sites and monitors them constantly may still sell its excess inventory to a secondary ad network that doesn't operate at the same level.
And there's no consistent mechanism by which to grade all of the players in the market and no visibility as to which players have good practices in place and which do not, Sullivan says. For example, one network might be using ad verification technologies to bolster security while another uses nothing at all. That led IAB president Randall Rothenburg, in a recent opinion column, to declare that "the digital advertising industry must stop having unprotected sex."
"If all of the networks in a trustworthy supply chain operated [to the same standard], we wouldn't have the problem at scale that we have today," Sullivan says. "In an opaque marketplace the inventory for a company that doesn't follow best practices sits side-by-side with a company that does -- and they're treated equally."
The IAB's five-year plan, which includes quality assurance guidelines and the establishment of a "Traffic of Good Intent" task force, isn't fully developed yet, and many details have yet to emerge.
Nonetheless Spiezle says, he's encouraged, although he'd like to see the IAB open up the process to all affected parties. "An effective solution needs to include a multi-stakeholder approach including the advertising community, ad networks, publishers and the security community. We look forward to working with the IAB and others towards this goal."
More about online advertising
Read more about Privacy in Computerworld's Privacy Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Market Overview: Digital Customer Experience Delivery Platforms Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- The Growing Demand for Rich Media This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!