Ad Nets Not Doing Enough To Stop Fake Ad Sales And Malware

malware

Companies trying to protect advertising networks, publishers, online buyers and consumers from malicious Web attacks are stepping up efforts to stop the sale of ad space to fake agencies placing ads with malicious code.

The problem proliferated in the last year with -- according to one source -- an average of between 1% and 2% of infected ads per site, jumping to between 10% and 20% as social networks started pulling ads from networks and the ability to make automated anonymous buys catapulted.

And there's no organized effort to stop it. Advertising networks and publishers say they have done their best to stop the practice, but executives at companies that monitor these networks and sites for Trojans say it's not enough. Michael Caruso, chief executive at ClickFacts, is calling on the industry to put in place more stringent practices to verify the companies that place ads on networks.

"There are a lot of Trojans being introduced through the ads running on these networks that may come from exchanges or direct buys, but really they come from fake companies," Caruso says. "These fake agencies are buying ads and launching malware. We've been looking for behavior and not just signatures. The industry has seen more than 25 million variants of malware."

Caruso can't see the entire Internet, and can only scan ad tags that ClickFacts supports. The software tests for an ad tag calling in malware, viruses and malicious code. It also crawls entire Web sites, such as MySpace, looking for bad code. That may not seem like much for one site, but multiply it by thousands and millions.

Many of the DSPs have a higher percentage of viruses in ads due to the nature of their automated ad-buying process, according to sources. Automation has been the culprit feeding the fire that companies lit years ago.

The motivation for the fake ad agencies is identity theft through ad exchanges and automated buys. "We're not talking about an ad getting injected with a virus -- we're talking about fake agencies being set up and no one mentioning that this is going on," he says. "It is going on and happening at every major publisher and in-person buys. It's also happening through direct ad buys."

One method that malvertisers use is to inject code in an ad, but companies also hack a page, an ad, or an SQL server. The malware typically self-destructs within 24 hours to keep from being found. They also infiltrate the ad network by making a direct ad buy on an ad exchange with a fake credit card. The tactic is not entirely new, but many acknowledge that it's been getting worse through the years. People set up an ad agency with some real clients, but also have "shady characters" that make ad buys.

David Norris, chief executive officer at BlueCava, says legit advertisers are paying higher prices for ad space as the steady stream of fake companies that place infected ads across self-service display ad networks increases.

Apparently, seven agencies were fired last December because they unknowingly hired criminals to make ad buys, hitting registry files with the intent of stealing personally identifiable information. These ad buyers put the code inside the ad, and a keylogger in the ad downloads onto the computer through malicious code. Or someone switches out the ad tag after the ad has been manually checked. That's what happened to The New York Times. The criminals exploited weaknesses in the online ad system.

One weakness is an inability to verify ads. While some companies have not put processes in place, others have. Kontera, a pay-per-click in-text ad network, has strict policies in place for placing ads. The network doesn't run ads for pornography, alcohol, firearms, or contraband. It checks each ad several times to keep the network clean, according to Ammiel Kamon, Kontera's executive vice president of marketing. "Self-service options have benefits, but require strict guidelines and monitoring," he says.

The industry lacks checks and balances, say Caruso and others.

6 comments about "Ad Nets Not Doing Enough To Stop Fake Ad Sales And Malware".
Check to receive email when comments are posted.
  1. Dean Collins from Cognation Inc, July 19, 2010 at 8:04 a.m.

    As a content provider (http://www.LiveChatConcepts.com) i can totally relate but the emphasis HAS to come from the ad networks themselves.

    There is no way for individul publishers to monitor each and every ad (technically and resource wise) and this has to be done at the wholesale elvel.

    If anyone knows of a "tool" that can be utilised by ad servers (we use OpenX) then i'd love to know about it.

    Cheers,
    Dean

  2. Elizabeth Kulin from ZEDO, July 19, 2010 at 10:13 a.m.

    Ad networks are vulnerable, but we all need to do a better job and set up systems that automatically scan the contents of all uploaded ad code for the presence of anything suspicious. Learn how ZEDO does it in a past blog post about this exact topic: http://blog.zedo.com/wordpress/blog/2010/03/24/addressing-vulnerabilities-in-the-ad-network-chain/

    Elizabeth Kulin
    www.ZEDO.com

  3. Bobbi Kraten from Primerica, July 19, 2010 at 1:28 p.m.

    I know someone at ClickFacts, who they mentioned in this article. He was explaining to me what they did. It sounded like they might have the tools you are asking about. You can check their website at www.clickfacts.com.

    Good Luck,

    Bobbi

  4. Craig Spiezle from AgeLight LLC, July 20, 2010 at 12:17 a.m.

    Malvertising is a complicated issue and unfortunately growing in magnitude taking advantage of both technical shortcomings of ad serving, lack of business processes and end-to-end accountability . The Online Trust Alliance and our members has formed a working group to help address these issues and provide prescriptive advice and recommendations. As we have experienced with other threat vectors, change is necessary. Operating systems have been hardened and browsers have integrated malware protection forcing the criminal to software targets. We are encouraged with the support to-date and welcome others within the interactive community to work with us. Left unchecked and combined with the mounting privacy concerns, malvertising has the potential to significant impact consumers wiliness to click on ads. More info is at https://otalliance.org or email staff@otalliance.org to request membership.

  5. Dean Collins from Cognation Inc, July 20, 2010 at 9:08 a.m.

    @Elizabeth, your post explains nothing about the ways in your technology solves the problem.

    @Bobbi, I coul be wrong but it appears t me that yur friends Clicktrack software protects legitimate advertisers..not publishers (different problem).

    @Craig, I checked out the OTA site....there was nothing i could find about this issue? care to provide a direct link rather than pimping for members?

    Anyone have some real advice as to how to protect small content publishers from this issue?

  6. Bobbi Kraten from Primerica, July 20, 2010 at 3:24 p.m.

    I double checked with My friend at clickfacts and he verified that they work with Ad Networks and Publishers. If you want to verify, you can email him directly though at pchatoff@clickfacts.com .

    Hope that helps,

    Bobbi

Next story loading loading..