Publicis Warns Online Publishers To Be Vigilant Against Rogue Insertion Orders

A copy of the warning letter Starcom sent publishers.

In an effort to head off potential liabilities and threats to its clients' reputations from rogue media buyers posing as legitimate online marketers, Publicis Groupe last week sent letters to publishers putting them on notice that they must take steps to manually confirm any requests for insertion orders they receive from a Publicis agency that look questionable or come from a source they are not familiar with. "We have read with increasing alarm the press surrounding rogue software and malicious advertising that is being placed on Web sites by individuals pretending to represent legitimate insertion requests," reads one of the letters from Publicis' Starcom unit, a copy of which was obtained by OnlineMediaDaily.

Similarly worded letters were sent by Publicis' Digitas, Optimedia, MediaVest, Zenith, and Spark units informing publishers that they are reviewing their own internal processes for making online media buys, and outlining a series of steps publishers must take before processing any insertion orders received on their behalf that might look suspicious.

The letters, which caused a stir in the online publishing community and raise new questions about advertising liability in an increasingly automated digital media-buying world, were sparked by a number of fake ads placed on major publishers' sites that impersonated legitimate marketers, but which ultimately launched malware attacks.

The Publicis letters included a link to an article published by The New York Times covering just such an attack made via an ad placed on its site several weeks ago.

The Times reported that an ad placed by a source pretending to be a legitimate marketer, broadband telecommunications provider Vonage, secretly launched malware that took control of the browsers of many of the users who visited the site, filling their computer screens with "an image that seemed to show a scan for computer viruses. The visitors were then told that they needed to buy antivirus software to fix a problem, but the software was more snake oil than a useful program."

New York Times Co. spokeswoman Diane McNulty confirmed that the ad was received and accepted by the ad operations team of the Times' Web site, and said the newspaper's ad ops team has changed its protocol for accepting ads from third-party servers that it is not familiar with.

"Going forward, we are requiring advertisers to work with one of the servers we know," she said.

The Times incident follows similar cases among other big online publishers who unwittingly accepted ads impersonating legitimate marketers, which turned out to be from malicious entities. In the case of the Times ad placement, the insertion order came in from a URL named www.vonage-inc.com, which was not registered by Vonage.

The incidents have exposed potential vulnerabilities in online publishing security, and are causing advertisers, agencies and publishers alike to reassess the processes they use to conduct business, especially as they interact with an increasing array of third-party intermediaries - advertising networks, exchanges, etc. - many of which place insertion orders automatically and without human intervention. The solution, as the Times' and Publicis' new policies suggest, is to reinsert human interaction into the process - at least for the time being.

"We recognize that this will require some additional time and focus, but we will do everything necessary to secure the requests we make on behalf of our clients," one of the Publicis letters noted. The letter outlined five scenarios and steps in which publishers must make an effort to contact the agency to confirm an order - by phone, if necessary.

A Publicis spokeswoman confirmed that the letters had been sent out, but said an appropriate spokesperson was not available to comment further when contacted by OMD on Friday.

It was unclear whether Publicis was simply acting vigilantly to head off potential liabilities, or whether it has actually encountered situations in which a rogue media buyer was impersonating a Publicis media buyer, a development one observer said could create a state of anarchy in the digital buying world.

"It's one thing to have someone mimicking the ads of a marketer like Vonage, but to have someone mimicking a media buyer like Starcom, and trying to place insertion orders, could be a real problem," said Rajeev Goel, co-founder and CEO of Pubmatic, a company that was created to help publishers manage and optimize their relationships with third-party intermediaries such as ad networks.

1 comment about "Publicis Warns Online Publishers To Be Vigilant Against Rogue Insertion Orders".
  1. Jesse Poppick from Ad-Juster, Inc., October 12, 2009 at 1:28 p.m.

    It was just a matter of time before these types of attacks came to pass.

    Ad-Juster, Inc., provides Publishers and Agencies the ability to clearly manage digital ad buys, collect 3rd party data, identify delivery discrepancies, and gives all parties the security they need to face these types of fake buys.
