AdMeld Takes A Byte Out Of Crime: Will Monitor, Thwart Malware Attacks
In an effort to stay one step ahead of a sophisticated network of cyber criminals who have begun using online advertising as a means of distributing malware, or malicious software code, an increasingly vulnerable online display advertising industry is adopting new procedures, protocols and systems for monitoring, detecting and thwarting attacks by so-called malvertisers before they can do much damage. In the latest move, AdMeld, a company that helps publishers ranging from Discovery Networks to Fox News sell their online advertising inventory, has struck a deal with The Media Trust to detect malware across the billions of impressions they sell to agencies, advertisers, and increasingly to malvertisers.
The progression is part of an arms race that began more than a year ago, when the online advertising industry became aware that purveyors of malware were using advertising as a new “vector” for distributing code that could be embedded in tags or pixels, or cause a user’s browser to be redirected to a malevolent site that could infect their computers with unsavory code that could steal their identities, or worse.
Such attacks have infiltrated some of the most premium of online publishers, occasionally via their own sales organizations, but increasingly via a “self-serve” marketplace that has made it relatively easy for virtually anyone - including crooks - to plan, buy and run online advertising via an array of ad networks, exchanges and so-called demand side platforms that company’s like AdMeld help publishers manage.
The Media Trust is part of a new cottage industry that has emerged in response to the attacks and the growing sophistication of malvertisers, and AdMeld said it will begin using its proprietary technology to detect tags for malicious code before they are launched via publishers’ sites.
Most of the big players in the online display industry are beginning to lock up similar deals. In May, Rubicon Project, one of the biggest players in the self-service online display advertising marketplace, acquired SiteScout, a Seattle-based company specializing in malware detection and prevention, replacing a licensing deal it had with San Francisco-based advertising security firm ClickFacts.
Like ClickFacts, The Media Trust started out as a company that helps advertisers monitor the quality of their online advertising buys, ensuring that their campaigns run only on appropriate sites and that they are not adjacent to any inappropriate or competitive content. But over time, their detection systems have evolved to deal with malicious code as malvertisers have begun exploiting the rapidly evolving online display advertising marketplace. Malvertisers sometimes embed their code into legitimate ads placed by bona fide advertisers, or they sometimes pose as authentic advertisers and agencies to distribute ads infected with code.
All of the companies tracking malvertising say they marvel at the speed and ingenuity with which malvertisers adapt Madison Avenue-like techniques to distribute their code, and The Media Trust CEO Chris Olson says their behavior has recently evolved to the point that it now looks like some are executing campaigns that are as sophisticated and broad-based as some of the ad industry’s leading digital agencies.
"The amount of malware we are seeing is absolutely staggering," he says, noting that in the past several days alone, The Media Trust has detected dozens of discrete malware campaigns utilizing unique creative executions that have been placed across dozens of advertising networks infiltrating hundreds of publishers.
"These are larger, more coordinated attacks," he says, noting that in the past, malvertisers generally, were a "hit-and-run" lot. Now Olson says they’ve grown more "brazen" and sophisticated, and are launching broad-based attacks simultaneously exploiting online ad networks, exchanges, and publishers. He says the campaigns seem to be as well conceived and executed as those coming from the biggest agencies on behalf of the biggest online advertisers.
"I don’t know if you can say they are quite as sophisticated as a VivaKi," Olson says, referring to Publicis’ state-of-the-art digital media services organization, "but they are getting more sophisticated and they’re definitely using a form of yield management."