• When Ads Go Wrong: Malware Attacks Embedded in Advertising

    The Problem With Rotating Advertisements

    Rotating advertisements are a staple of many websites today and can be a generous passive revenue stream when implemented correctly. However, some webmasters may not be aware of the risks that they may present. Along with having to protect themselves from inappropriate content and competing products, many webmasters will find themselves hosting a malware-embedded advertisement at least once in their website’s lifetime and often many times more. Quality control for advertising is handled by the third-party advertising company alone and is not always effective. A single malware attack or threat can turn a visitor off of a website or marketplace for life.

    How Malware Attacks Are Embedded

    Banner and tower ads today are often served in Flash format. This format is comprehensive and lightweight which makes it ideal for serving interactive and eye-catching ads that don’t drain bandwidth. However, it also poses a serious security risk because of the sophistication of the scripts that can be run within the Flash program. Flash files can attempt to gather data from viewers or even to install software on their computers without notification. This software will sometimes be a virus with the intent to damage the user’s computer but other times it will want to scrape information from their computers for the purposes of identity theft or other illicit activities. One such flash advertisement downloaded itself onto the user’s computer and then generated false malware messages.


    The Damage to the User’s Experience

    Most users today have comprehensive virus scanning software and will be able to detect and remove these threats immediately. However, this does not mean that the damage hasn’t been done. Many users will immediately exit a website that triggers their virus detection software and some of them may never return out of fear. Moreover, a webmaster may never find out about the threat because they may never encounter the specific banner ad in rotation. Users themselves will rarely if ever report such an ad. Finally, webmasters may find themselves blocked by a search engine’s automatic malware detection program. If this happens the webmaster will see a drastic decline in traffic almost immediately. Further, ads cannot always be caught by antivirus software because they are sometimes targeted at specific operating systems, such as mobile systems. They can also sometimes be directed at a specific location of IP address.

    Limiting Advertising Exposure

    All of this leaves many webmasters wondering what they can do to protect themselves from serving malicious ads. Unfortunately, as long as advertisements are served into rotation by a third party there is nothing a webmaster can do to absolutely ensure there will not be malicious programming within them. However, webmasters can do some things to limit their overall exposure. Webmasters can limit themselves to a single ad service so that they can easily isolate which service is having issues. They can also only use larger advertising services because these services scan their ad submissions the most thoroughly and have the most detail-oriented quality control teams. Webmasters can also attempt to vet their own ads. StopTheHacker can detect malware in ads and help a webmaster keep their site clean.

    Finding Advertising Alternatives

    Webmasters who wish to remove the threat of malware attacks entirely may need to start their own banner advertising program. This is not all that difficult and can even bring in more revenue for the webmaster because they are dealing with the other party directly. There are open-source software programs for the serving of ads that webmasters who are not familiar with programming can use. Finally, webmasters can ditch the banner advertising entirely in favor of more proven and substantial revenue centers such as affiliate marketing, product integration and pay walls.