About Us Membership Resources OTA Members Login

Anti-Malvertising  l   Data Breach   l   DNSSEC  l   Email Authentication    I    EV SSL Certs   l    Messaging Ecosystem Security 


ANTI-MALVERTISING - Enhancing the security & integrity of the online advertising ecosystem

Tools & Resources     
    

Updated Advertising & Customer Risk Evaluation Framework / Press Release - October 1, 2013

Risk Evaluation Framework  Presentation (Recorded webinar members only) - October 3, 2013


Malvertising is the cybercriminal practice of injecting malicious or malware laden advertisements into legitimate online advertising networks. It can occur through deceptive advertisers or agencies running ads or compromises to the ad supply chain including ad networks, ad exchanges and ad servers.  It is a growing threat to the integrity of the ad supply chain and vector to distribute malware to unsuspecting users.  A malicious advertisement exhibits behavior including, but not limited to, conducting a drive-by-download, delivering deceptive downloads such as fake anti-virus pop-ups and/or redirecting the user to sites that the user has not elected to visit.

Cybercriminals are increasing the distribution of compromised ads to an expanded set of web properties with the potential of exposing millions of users daily.  In 2012, it was estimated nearly 10 billion ad impressions were compromised by malvertising.  Web sites, ad network and users need to be made more aware of the threat, as by just visiting websites that are impacted by malvertisements, users can get infected.

In July 2010, OTA formed a cross industry working group to share data and develop best practices to counter this growing threat.  The goals include:

  • Enhancing the security and integrity of the advertising ecosystem

  • Develop and promote voluntary best practices and guidelines

  • Develop standardized metrics, report and facilitate data sharing and collaboration with industry and law enforcement

  • Advance technical counter measures and solutions to help detect, mitigate and block threats

  • Protect the vitality of advertising supported online services

Malvertising Response & Remediation Guide (PDF)
Guide to aid publishers, networks, advertising agencies and first responders to help address malvertising and related incidents.

Anti-Malvertising Guidelines Released (PDF) - Reaching broad consensus with over 35 members of the taskforce OTA released the voluntary guidelines to help combat these threats. The ad supply chain is under attack and it is incumbent on all stakeholders to take reasonable steps to help protect consumers and the reputation of web sites from harm.  Real harm is occurring and millions of users are being unknowingly exposed to malware by simply visiting trusted sites.  OTA is calling on the security, business and interactive advertising communities to work together to help protect consumers from the harm. 

New Advertiser Risk Evaluation Tool & Checklist - Updated October 1
Created to help advertising networks and publishers evaluate new advertiser relationship opportunities against common risk factors used by fraudulent or malicious advertisers.  Use of this form is intended to help to assess a company's acceptable risk level for onboarding new advertisers and ad agencies.  It is estimated that upwards of 75% of the recent incidents could have been detected and prevented had an operational review of the advertiser been completed prior to accepting and onboarding of the ad campaigns. 


Revised April 1, 2014