Skip the navigation

Malvertising rise pushes ad industry to action

May 29, 2014 06:30 AM ET

But when the user clicks on the pop-up to take action, she is prompted to change her settings to allow installation of a third-party app -- delivered outside of the protected walled garden of Google Play -- so that the malware payload can be delivered undetected. Because these "scareware" messages look like they were generated by the operating system, they're very effective, Botezatu says.

The digital advertising industry must stop having unprotected sex.
Randall Rothenburg, president, Interactive Advertising Bureau

Malvertising could also cost the online advertising industry, and web publishers that depend on it, in other ways that are even more difficult to measure. "These threats are undermining the integrity of the interactive advertising ecosystem," says Spiezle. Users cite a lack of trust in the safety of online advertising as one reason for using ad blocking software, even though the use of such software eliminates all ads -- good or bad -- along with the primary revenue source for many web publishers. "Blocking all ads and scripts will most likely keep the user safe," but would reduce revenue for web publishers, Spiezle says.

One Blue Coat Systems client, which Larsen will describe only as a Fortune 500 company, recently decided to block all ad traffic for tens of thousands of its employees. "They were concerned about malware coming in from this vector and not being able to stop it," he says.

Fixing the problem

One way to put a big dent in the malvertising problem would be an outright ban on JavaScript ads, says Larsen, but that's unlikely to happen. JavaScript lets advertisers do more innovative things with the creative aspect of their content and helps with analytics, says Sullivan.

Spiezle wants to see changes in the process for vetting online advertising. "If we don't do this we'll see increased use of [ad] blockers, calls for regulation and potential lawsuits for failure to take steps to help protect users from harm," he says.

"I agree absolutely," says Sullivan. Today, a well-managed ad network that knows every one of its affiliated sites and monitors them constantly may still sell its excess inventory to a secondary ad network that doesn't operate at the same level.

And there's no consistent mechanism by which to grade all of the players in the market and no visibility as to which players have good practices in place and which do not, Sullivan says. For example, one network might be using ad verification technologies to bolster security while another uses nothing at all. That led IAB president Randall Rothenburg, in a recent opinion column, to declare that "the digital advertising industry must stop having unprotected sex."

Malware

"If all of the networks in a trustworthy supply chain operated [to the same standard], we wouldn't have the problem at scale that we have today," Sullivan says. "In an opaque marketplace the inventory for a company that doesn't follow best practices sits side-by-side with a company that does -- and they're treated equally."

The IAB's five-year plan, which includes quality assurance guidelines and the establishment of a "Traffic of Good Intent" task force, isn't fully developed yet, and many details have yet to emerge.

Nonetheless Spiezle says, he's encouraged, although he'd like to see the IAB open up the process to all affected parties. "An effective solution needs to include a multi-stakeholder approach including the advertising community, ad networks, publishers and the security community. We look forward to working with the IAB and others towards this goal."

Related: Ad blockers: A solution or a problem?

This article, Malvertising rise pushes ad industry to action, was originally published at Computerworld.com.

is a national correspondent for Computerworld. Follow him on Twitter at Twitter twitter.com/rmitch, or email him at rmitchell@computerworld.com.

Read more about Privacy in Computerworld's Privacy Topic Center.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!