Malvertising hurts publishers in many ways—declines website score in the eyes of advertisers and causes bad website experience leading users to install ad blockers. 

It is often confused with adware but both aren’t the same. Adware is a software installed generally without a user’s permission. It triggers unwanted ads and continuously disrupts the user’s experience. Malvertising, on the other hand, is malicious code executed on a publisher’s website. 

Both directly affect the user because their system’s safety is immediately compromised. Publishers also bear the brunt because they serve malicious ads, thus increasing installation of ad blockers.

Global events such as COVID-19 or recession often create a perfect environment for malvertising to increase. 

Recently, COVID-19, for example, has increased malvertising across all browsers and devices. Publishers are experiencing low CPMs and heavy website traffic simultaneously. Because of a lack of monetization opportunities, publishers are lowering their price floors and increasing the number of ads on their pages. This creates a perfect opportunity for malvertisers to step in. 

“Publishers are fighting two battles at once to prevent revenue and user disruption: malvertisers and ad blockers. Both are part of the same war, and for the industry to win this war, it needs to win both battles.” 

Confiant Cofounder and CEO Louis-David Mangin for AdMonsters

A study conducted by clean.io in March 2020 reflects this statement statistically. 

Clean.io chart on increasing malvertising amidst COVID-19

Daily malvertising threats have increased considerably since March 11th, coinciding with the peak of coronavirus cases and lockdowns in many countries. 

Clean.io chart on malvertising threats by browsers

Another important point to note is that often malicious ads look exactly the same as the non-malicious ones. This is why it’s easier for publishers to fall prey to these bad actors. 

Preventing malvertising from disrupting user experience and causing further downfall of revenue should be on high priority for all publishers. In this post, we cover several ways using which publishers can avoid malvertising. 

How Malvertising Works

Key members of the digital advertising ecosystem are aware of malvertising and the menace it has caused over the years. However, despite their efforts to prevent it, malverts still find their way on to a publisher’s website.

A malvertiser directly submits their malicious ads to an online third-party vendor. Since these ads look pretty much the same as innocent ads, the malvertisers win their bids. After that, the ad is served across all publisher websites that the third-party vendor is associated with. 

Malvertising mechanism according to Imperva
Source: Imperva

Malvertising Mechanism 

There are many different ways in which malvertising activities take place. Malicious code can be added in many ways by an attacker. Some of these ways are as follows:

  • In Ad Calls: Whenever a user enters a publisher’s website, an AdExchange pushes ads to the website’s inventory through third-party vendors. Here, an attacker can easily compromise any of these vendors, thus being able to inject malicious codes.
  • In Ad Creatives: Malicious code can come embedded in a banner ad. This is ordinarily done by injecting malicious code whenever a banner ad is a combination of images and JavaScript. 
  • Landing Page Malvertising: Often landing pages contain malicious code. Users reach these landing pages by clicking on ads on a different website. 
Malvertising creatives that look like normal ads

Above is an image from the study conducted by clean.io on the increase of malvertising amidst COVID-19. The creatives present in this image look like normal ads but are indeed malicious ads, highly responsible for disrupting user experience.

Similarly, many malicious ad campaigns have been carried out in the past. Some examples are as follows: 

Unanimis Malicious Ad Campaign

This occurred with the official website of the London Stock Exchange. For several hours, their website served a malicious ad which was later found to be coming from Unanimis, an ad network owned by the Orange France Telecom Group. This malvertising ad campaign affected many high-profile users and rendered their systems defunct with malware. 

RoughTed Malvertising Campaign

In June 2017, it was reported that a malvertising campaign titled RoughTed was infecting publishers’ websites. It was later revealed that approximately 28% of the organizations worldwide were directly impacted by it. 

Spotify Malvertising 

The popular music app has been linked with malvertising in the past. In 2016, Spotify served malicious ads to all its users who were using the free version of the app. The malicious ads spread regardless of the devices that users were running the Spotify app on.

How Malvertising Affects Publishers 

Malvertising has a direct impact on the website revenue of publishers. There are two major ways in which malvertising affects publishers:

  • Loss of Revenue: Even the biggest publishers across the world aren’t immune to malvertising. All kinds of publishers rely on money earned through advertising as the primary revenue source. If users start installing ad blockers, the advertising-based revenue will inadvertently go down. This directly impacts publishers’ earnings. 
  • Loss of Traffic: If a publisher’s website regularly serves malicious ads, users refrain from coming to the website. This leads to traffic decline, eventually also damaging publishers’ reputation. 

How to Remove Malvertising 

Naturally, publishers are looking for solutions to identify malicious ads and prevent them from being served. Here are some methods that publishers can use to remove malvertising from their websites: 

Choose a Reliable Ad Server 

Since malvertising is a global problem, the digital advertising ecosystem is brimming with solutions to identify malverts at the first step itself. Identification in the beginning saves a lot of time in recovering revenue losses caused by malvertising. Many ad servers now come with an in-built scanner that identifies malicious ads. Note that these scanners aren’t 100% effective and can also miss out on certain malverts. 

Since Google Ad Manager is the most popular ad server, we have covered its mechanisms on preventing malvertising:

  • Penalizing Authorized Buyers: Sometimes authorized buyers can also get associated with approving malverts. If Ad Manager’s malware scanning tools identify malvertising activity from an authorized buyer, Google immediately suspends the buyer for three months. 
  • SafeFrame: Forced redirect ads have often disrupted user experience and have made users install ad blockers to prevent this activity. Google Ad Manager developed SafeFrame technology to deal with this. SafeFrame is turned on by default for custom and third=party creatives.

Google also encourages publishers to establish authenticity of their advertising partners in order to prevent malvertising.

Here’s how Google Ad Manager helps:

Ad Manager also scans creatives to check if they are violating Google’s policies. If publishers want to bring traffic to these creatives, here’s how they can do it in Ad Manager:

  • Sign in to your Google Ad Manager account.
  • Click on Delivery >> Orders 
  • Apply filters such as Policy Violations to see which creatives have been flagged for violating Google’s policies. 
Google Ad Manager screenshot of privacy violations

Once the creative that violates policies is found, head over to the Creative Details Page. A yellow box there lists down what is causing the policy violation. Premium Ad Manager users can also view the domains associated with this violation. 

How to fix privacy violations in GAM creatives

Here are two ways in which publishers can fix this issue:

  • Remove the domains associated with this creative that are causing malvertising activities.
  • Contact the SSP or ad network if the creative has been obtained from them. Ask them to block or remove this creative and stop any creatives that lead to the domains that cause malvertising.

Perform Background Check

Publishers should always work with legitimate partners in order to prevent malvertising. A thorough background check of ad networks, agencies, etc. to see if they intentionally or unintentionally allow malvertisers to serve bad ads. 

References help in these cases and publishers must actively pursue them before onboarding any advertising partners. Another way to ensure legitimacy of an organization is checking if they have a self-diagnostic tool in place. Due diligence should be performed by any third-party vendor, ad network, etc. on their own to make sure no malverts are served eventually. 

Using Google’s Safe Browsing Diagnostic Tool

Google has developed a technology that consistently works towards creating a safer web experience. Every single day, billions of webpages are scanned to check whether they are malicious or not. For this, they have also built a safe browsing tool which can be accessed by everyone. Anyone can check any link that they suspect is malicious and Google’s tool tells whether the site is unsafe or not.

Publishers can also make use of this tool to regularly check if any pages are listed as malicious pages. This isn’t a completely foolproof tool but is still a good way to identify and remove malvertising on a website. The tool can be accessed here.

Conclusion

As AdMonsters puts it in this article, “publishers have always been at a war with bad ads.” As long as malvertisers manipulate their way into the digital ecosystem, it will always be challenging to remove malvertising. What may be possible still is to assure that user experience gets elevated every day. By following the above practices, it may not be entirely possible to get rid of malvertising, but whatever results come out these will always be worthwhile.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.