HomeInitiativesMalvertising

Malvertising

Advertising & Content Integrity Working Group     I    Anti-Malvertising     I    Native Advertising

As online advertising technology has become increasingly automated and complex, digital ads have become a rising area of concern. Malicious Advertising, or “Malvertising” poses a growing threat to everyone who accesses ad-supported content online, whether consumers relaxing with pop culture sites or employees keeping current with relevant headlines. Malvertising is the presence of malicious or malware-laden advertisements on legitimate, respected publisher sites and takes many forms: fraudulent pop-ups with fake warnings about system status or viruses; replacement of legitimate ads with messages that click to fraudulent or dangerous sites; interception of clicks to take users to sites they did not intend to visit and, most insidious of all, drive-by-downloads which drop malware without users taking any action or even realizing it. . Increasingly these exploits are being used to drive account take-overs and distribute ransomware.

Research reports malvertising events rose 375% in 2014 and another 260% in 2015.  This aggressive growth in Malvertising does more than damage individuals, it erodes trust which, in turn damages the entire ad-supported publishing ecosystem.  Lack of trust, rising consumer frustration and growing fear is fueling the use of ad blocking technologies which have become a topic of sometimes hostile debate within the publishing and advertising industry. 

Not unlike the evolution of spam into spear phishing, cybercriminals are increasingly leveraging behavioral targeting capabilities to sharpen their precision and compromise higher net worth targets. Malvertising is now leveraging big data, profiling and real-time bidding in ad exchanges to selectively reach and compromise high value consumers, businesses and government agencies.  By selective deployment, malvertising can reach specific companies (by tracking their IP addresses), specific industry sectors and specific groups of consumers (by using their shopping patterns and online behavior). Further, this same selectivity allows for sophisticated evasion from detection such as serving benign ads when monitoring is detected, or randomizing the malicious ads so that patterns become hard to discern.

Attacks on popular publishers, combined with repeated attacks over time, rack up billions of contaminated ad impressions hitting millions upon millions of unsuspecting consumers each year. OTA urges publishers to monitor their sites, identifying and protecting from malvertising attacks. Further, OTA recommends publishers carefully evaluate their procedures related to ad buying partners, automated buying systems, layers of intermediaries, etc. OTA supports innovation and the value in ad-supported content and we applaud meaningful industry efforts to secure the digital ad supply chain and dispel bad actors. Addressing the consumer damage caused by malvertising is a major step in rebuilding important consumer trust which is rapidly fading in the current environment. 

Resources  & Related Readings >

Draft Framework

Goals:

  • Enhancing the security and integrity of the advertising and content publishing ecosystems.
  • Develop and promote voluntary best practices and guidelines.
  • Develop standardized metrics, report and facilitate data sharing and collaboration with industry and law enforcement.
  • Advance technical counter measures and solutions to help detect, mitigate and block threats.
  • Protect the vitality of advertising supported online services.

OTA advocates a comprehensive strategy including establishing controls and practices to help:

  • Prevent
  • Detect
  • Notify
  • Facilitate "real time" data sharing and threat intelligence
  • Remediate to those impacted and harmed

Resources & Related Readings

U.S. Senate Report on the Security & Privacy Risks from Online Ads (May 14, 2014)

U.S Senate Hearing Video & Testimonies (May 15, 2014)

OTA Response to Senate Inquiry - Market Incentives, Regulation, Data Sharing & Collaboration with Law Enforcement (June 18, 2014)

Advertising & Customer Risk Evaluation Framework / Press Release
Created to help advertising networks and publishers evaluate new advertiser relationship opportunities against common risk factors used by fraudulent or malicious advertisers.  Use of this form is intended to help to assess a company's acceptable risk level for onboarding new advertisers and ad agencies.  It is estimated that upwards of 50% of the recent incidents could have been detected and prevented had an operational review of the advertiser been completed prior to accepting and onboarding of the ad campaigns.

Risk Evaluation Framework Presentation (Recorded webinar members only) -  October 3, 2013

Malvertising Response & Remediation Guide (PDF) Guide to aid publishers, networks, advertising agencies and first responders to help address malvertising and related incidents.

Anti-Malvertising Guidelines Released (PDF) - Reaching broad consensus with over 35 members of the task force OTA released the voluntary guidelines to help combat these threats.  OTA is calling on the security, business and interactive advertising communities to work together to help protect consumers from the harm.