Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Session: Malvertising: How To Detect and Deal With Malicious Ads Mike Nolet admonsters Ad Ops 360 July 17 th 2008.

Similar presentations


Presentation on theme: "Group Session: Malvertising: How To Detect and Deal With Malicious Ads Mike Nolet admonsters Ad Ops 360 July 17 th 2008."— Presentation transcript:

1 Group Session: Malvertising: How To Detect and Deal With Malicious Ads Mike Nolet admonsters Ad Ops 360 July 17 th 2008

2 What are “Malvertisements”?  Malware Ads, or “Malvertisements”, when displayed attempt to install spyware or adware or otherwise hijack a user’s browsing session  Often ads are built upon legitimate ads from legitimate vendors  In other cases, entirely fake marketing campaigns, complete with functional sites, are setup as fronts for buying ad-inventory  Affecting publishers from the long tail to the top – Yahoo, MSN, AOL have all been caught showing malware ads

3 Why you should care  Do you want your users to see this when they come to one of your properties?  Not to mention that recently passed legislation could potentially hold publishers liable for malware ads shown on their sites

4 Examples  Some examples of legitimate advertisements that were modified to install malware:

5 Examples  An example fake website setup as a front for an online marketing campaign that served entirely for malware:

6 Examples  Tags with fake serving domain to appear like an agency adserving system:

7 How to Prevent Malware Ads  Use Common Sense On Direct Buyers  Who is the buyer? Does he have a known reputation?  Could this buyer realistically have a relationship with this advertiser?  Is the offer just too good to be true? Pre-pays, high CPMs, International focus  Check Malware sites – (msmvps.com/blogs/spywaresucks & mikeonads.com)  When Dealing with Ad-Network  Don’t work with a network whose reputation you don’t know  Don’t place tags that contain too many redirects  Make sure your ad-networks are educated and aware of the various scams that have come up

8 How to Find Malware Ads  What do you do if you receive a user complaint?  Ask for as much technical information as the user can give: screenshots, source URLs, page source  Find out the browser, timezone, country and IP address of the user  Do not push them away and assume that it is the user’s fault – angry users result in bad publicity and complaints with federal agencies, law enforcement and online advocacy groups  Try to emulate that user on your own property  Use public proxy servers to emulate foreign IP addresses  Install a tool such as Firefox’s “Tamper Data” to sniff URLs and look for suspicious behavior.

9 Useful Links  My Blog:  Spyware Sucks Blog:  Tamper Data FireFox Plugin: https://addons.mozilla.org/en-US/firefox/addon/966 https://addons.mozilla.org/en-US/firefox/addon/966  Fiddler Debugging Tool:


Download ppt "Group Session: Malvertising: How To Detect and Deal With Malicious Ads Mike Nolet admonsters Ad Ops 360 July 17 th 2008."

Similar presentations


Ads by Google