
Adware and Spyware and Malware….Oh, My!

It is the one word that strikes fear into the hearts of publishers and ad networks alike – malware. A malware “outbreak” has the ability to severely threaten the credibility of a publisher’s site, and, if the ad is coming through an ad network, the network’s reputation. Malware can come through a variety of channels so it is important for both publishers and networks to be aware of exactly what they are serving onto a site. Hopefully with an increased knowledge and awareness of how malware spreads, we as an industry will be able to prevent it.

First things first – what exactly is malware?

Malware is any sort of “malicious software” whose sole purpose is to harm your computer. The end result can vary. Malware can not only download viruses onto your computer but also steal any sensitive information stored on your system, such as email passwords and credit card information. The term “malvertising” refers to malware being distributed through advertising. Malware can be distributed in different forms: through malicious code hidden within a creative’s Flash (.swf) file, or through files uploaded to a web page (user-generated content).

OK, that sounds terrifying…and a little creepy….how do I stop it?

When it comes to combating malware, the best offense is a good defense. Everyone should be aware of what to look for – from Sales Reps all the way through to the AdOps team. Here are some helpful warning signs of potential fraudulent campaigns:

  1. The contact at the “agency” uses @gmail or another form of webmail, and when you try to call you can’t talk to a live person.
  2. The agency contact offers to pay via wire transfer or credit card, but it is slow to arrive and they press you to push the campaign live.
  3. Check the billing and contact information – if the company has a phone number or domain registered in the Ukraine, it’s probably not legitimate.
  4. Check the domain of advertisers, agencies, and click URLs with tools such as DomainTools.com. Be on alert for…
    • Any domains registered recently – usually a sign of a malicious campaign
    • Domains hosted in a different country than where the agency/advertiser claims they are based
    • A high number of registered domains for one email address
  5. Pay closer attention to any “last minute” campaigns that want to begin before a weekend – malicious creative may appear legitimate at first, but will typically swap out and “fire” on a weekend or late in the evening when fewer people will be available to locate and solve the problem
  6. For the AdOps team, carefully inspect all creatives before allowing them to run:
    • AdOpsTools.net contains a scanning tool for Flash and JavaScript files
    • Inspect the referred calls for all third party ad tags – creative may seem harmless at first, but it can be swapped out and become malicious later.
    • Notice if there are any unrecognizable domains in the referred calls.
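
The domain checks from items 4 and 6, sketched as an added Python example (not part of the original post or of any tool it names): given the URLs an ad tag calls, it flags unrecognized domains, recent registrations, hosting outside the claimed country, and registrant emails tied to many domains. The WHOIS records, domain names, thresholds and the `vet_calls` helper are constructed for illustration; a real check would pull registration data from a lookup service.

```python
from collections import Counter
from datetime import date
from urllib.parse import urlparse

# Constructed WHOIS-style records (created date, host country, registrant email).
WHOIS = {
    "adserver.example": (date(2001, 2, 9), "US", "ops@adserver.example"),
    "brandco.example": (date(2004, 3, 1), "US", "dns@brandco.example"),
    "trk-fresh.example": (date(2010, 5, 28), "NL", "reg77@webmail.example"),
    "pix-swap.example": (date(2010, 5, 30), "NL", "reg77@webmail.example"),
    "win-prize.example": (date(2010, 5, 30), "NL", "reg77@webmail.example"),
}
KNOWN_DOMAINS = {"adserver.example", "brandco.example"}  # already vetted by AdOps

# Constructed list of the calls one third-party ad tag made while rendering.
CALLS = [
    "http://ads.adserver.example/tag.js?pl=123",
    "http://www.brandco.example/banner.swf",
    "http://cdn.trk-fresh.example/r?x=1",
    "http://a.pix-swap.example/p.gif",
]

def registrable(url):
    """Naive last-two-labels domain; real code should use the Public Suffix List."""
    host = urlparse(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def vet_calls(urls, claimed_country, today, max_age_days=90, max_per_email=2):
    """Return {domain: [warnings]} for each domain an ad tag contacted."""
    per_email = Counter(email for _, _, email in WHOIS.values())
    report = {}
    for domain in sorted({registrable(u) for u in urls}):
        flags = [] if domain in KNOWN_DOMAINS else ["unrecognized domain"]
        if domain not in WHOIS:
            flags.append("no registration record")
        else:
            created, country, email = WHOIS[domain]
            if (today - created).days < max_age_days:
                flags.append("recently registered")
            if country != claimed_country:
                flags.append("hosted outside claimed country")
            if per_email[email] > max_per_email:
                flags.append("registrant email has many domains")
        if flags:
            report[domain] = flags
    return report

if __name__ == "__main__":
    for domain, flags in vet_calls(CALLS, "US", date(2010, 6, 4)).items():
        print(domain, "->", ", ".join(flags))
```

Re-running the same check on a schedule after launch, not only at trafficking time, is what catches a creative that is swapped out later.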

Help! I think my site has been infected with malware! What should I do?

There are some signs that your computer could be infected with malware: you receive numerous error messages (the ever-popular “We’ve scanned your computer and found it to be infected! Click here to download anti-virus software!” message), your computer will not shut down or restart, or you notice an excessive number of pop-up windows. If you think you have been infected, try to gather as much key information as possible:
  • Time of incident, and your geographic location
  • Exact page you were browsing
  • Type/version of browser and operating system (e.g., Internet Explorer 7 and Windows XP)
  • Did you notice any particular ads on the page prior to the attack?
  • Detailed description of the attack

All of these details are key in determining the potential root cause of the malware. Many of these outbreaks attack quickly and can be geographically or browser targeted, making them difficult to replicate. The more details you can gather, the better, so that an “attack pattern” can be formulated.

In order to protect yourself in the future, it is important to have up-to-date security software and the most recent browser and operating system updates and security patches. In addition, be sure that you are using reputable anti-virus software (McAfee, Norton, etc.), as many malware distributors will operate under the guise of being “anti-spyware.” It can also be helpful to keep an eye on news within the industry in order to learn of any other outbreaks that could be happening elsewhere. There are various blogs, such as Spyware Sucks (http://msmvps.com/blogs/spywaresucks/Default.aspx) and StopAdFraud.org, that catalog details of various malware outbreaks. If you prefer to leave the malware hunt to the professionals, companies such as The Media Trust have developed technology to scan ad tags and creatives for potential malware, and they cross-check their findings with various malware databases.

So, in conclusion…

There is strength in numbers – if all levels and facets of the online industry work together to take the necessary steps to prevent and combat malware, we can help make the web safer for everyone. Unfortunately, malware is a reality of the business – and the distributors of malware make it their objective to discover new ways to get around current security measures in order to spread malicious software. Security professionals certainly have their job cut out for them. Dan Lohrmann, the Director of Infrastructure Services at the Michigan Department of Technology, describes the challenges facing the industry: “The bad guys are always getting better and trying to get in. They are working harder than ever to defeat whatever you are doing to protect your enterprise. This knowledge alone will change your perspective on your job and when you are ‘done.’ What worked today may not work tomorrow.” It’s important to understand that everyone plays a part in preventing malware from spreading. Only with a concerted effort from all areas of the industry working together will we be able to preserve the safety and security of our advertising medium.
Have any additional tips on preventing malware? Let us know.
