News broke earlier this week that hackers have been buying ads on real-time bidding (RTB) platforms and embedding RIG 3.0 in them. RIG 3.0 checks whether a person’s computer is vulnerable and, if it is, loads a trojan virus. VentureBeat first reported the findings, which were uncovered by Trustwave Holdings.
It marks the second time in the past four months that booby-trapped ads have been delivered via RTB exchanges. And on top of these attacks, it was reported earlier this week that Yahoo is also under fire from malvertising.
In a comment posted on MediaPost, Paul Benjou from The Center for Media Management Strategies wrote that the latest finding creates “another check box that needs to be ticked when evaluating RTB platforms.”
Lane Thomas, security research and software development engineer at IT provider Tripwire, said in an email that the “latest hits reflect the bad state of security within the Web.” Thomas said there is “no single person or system to blame,” but offered a suggestion as to what networks and ad platforms could do to heighten security.
“[A]d networks and platforms need to enhance their verification and validation processes. Attackers have a huge incentive to penetrate these systems,” Thomas wrote. “Further, ad networks and platforms have a lot to lose in terms of consumer trust. If large scale malvertising campaigns such as this continue, consumers will lose more and more trust in these ad services, which can ultimately lead to financial losses for the ad organization.”
Advertisers are already losing billions of dollars per year, so it’s an issue worth addressing. Any trust consumers lose in ad tech providers simply adds to the money lost to bots, just in a different fashion. Instead of just fighting bots, these companies would also be fighting a PR battle.
It’s not a stretch to say consumers are losing trust. “Do Not Track” technologies are alive and well and are even receiving updated standards.
It’s not entirely up to the networks and platforms to protect consumers from unscrupulous happenings on the Web, however. Consumers could still steer themselves in the wrong direction. Thomas added that “end users need to be vigilant when clicking advertising links and should always keep their software patched and updated.”
For their part, ad tech companies are actively working with verification and validation companies. For example, Google DoubleClick on Tuesday partnered with comScore to bring validation measurement to its platform. Additionally, investors are zeroing in on ad fraud detection firms, with companies such as Integral Ad Science and Distil Networks raising a combined $88 million in the past several weeks.
It’s a legitimate problem RTB ad-buyers face, but James Green, CEO of Magnetic, has a simple solution that he shared at the OMMA Art & Science conference in Los Angeles in July: “Go to those exchanges that are worse and refuse to pay.”