The Demon in the Network


In the early 2000s, Rob Beeler—currently the content czar of online advertising community AdMonsters—received a message from a customer complaining about porn pop-ups appearing on his computer. At the time, Beeler worked for a company that sent out advertisements to different publishers on behalf of advertisers—essentially an early ad exchange.

Beeler was caught off-guard by the customer's accusation. There was no way this was his problem. The porn pop-ups were clearly indicative of the customer's own browsing habits, and Beeler typed out a response delicately stating such. But soon, more complaints started pouring in, prompting Beeler to turn off all the networks. At this point, he realized the problem was his.

“It had all the tell-tale signs that I now know of someone posing as an agency that had a short-term deal that they wanted to start right away,” Beeler says. He recalls the situation: the advertiser—ultimately the distributor of the malware—wanted to start an advertising campaign by the weekend, and everything was transacted over the phone. While Beeler's company typically performed credit checks, the process would not have allowed the campaign to start on time. Only afterward, when Beeler began looking into the entity he thought was a legitimate advertising agency, did he realize he'd been duped.

“If the deal is too good to be true, it probably is,” he says.

Exposed to a new threat, Beeler got in touch with other ad operations companies, and found they were experiencing similar issues. This made it easier to isolate and eliminate the troublesome campaign.

This was an early malvertising event—malware embedded in advertising assets on publisher websites. And as online advertising proliferates—eMarketer estimates around $24 billion in ad revenues in the U.S. by 2015—the arms race between malware developers and ad networks will continue. For black hats, inserting malware into ad networks is alluring because it offers significant distribution across numerous heavily trafficked sites.

Indeed, in recent years publishers like Gawker, the New York Times, and Yahoo Mail have all been subjected to malvertising attacks. Robert Hoblit, senior director of product management at computer security solutions provider Symantec, cites the results of a survey it conducted on par with AdMonsters: “half of [directors of ad operations surveyed] stated they'd been victims of an attack in the past year.”

Hunting and hunted

“The spread of malware is a revenue problem for the ecosystem because malware … leads to blacklisting and browser flagging – preventing viewers from looking at pages, which takes away impressions,” Hoblit says. Additionally, it damages the reputation of both the publisher and the ad network.

Malvertising assumes a variety of guises: malware perpetrators can mimic real-life organizations, partner with a publisher or an ad network, and supply creative that feels and looks harmless but contains malware components. Alternatively, the attackers can hijack an ad server and get hold of the username and password that would allow them to substitute legitimate creative with malware. Often, malware invites users to click on the ad, redirecting them to a website that serves malicious content. Users can also be exposed to malware that doesn't require clicks: the so-called drive-by downloads, where corrupt software, such as keyloggers, embeds itself on the user's device and mines personal data.

These are on the rise. Hoblit notes that in 2012 such attacks were up by a third. “The majority of what we [at Symantec] detect is drive-by,” says Hoblit. “The one thing that makes click-through downloads a little more attractive as an attack vector is that it's harder to detect. You do indeed have to click,” he explains.

The problem with combating malvertising is that for every measure implemented by ad networks—say, protections around downloads—there is a destructive countermeasure. Static approaches, such as blacklisting the domain from which malicious content is served or setting up a scanning device from a static IP address, don't work. Malvertisers react by simply setting up another domain, or by blocking the IP address that scans for malware. A more dynamic solution involves behavioral analysis, says Hoblit: load the ad, watch its behavior, and see if it matches any characteristics typical of malware.

The digital advertising ecosystem is founded on a huge network of connections between multiple companies. The breadth and depth of these connections are the space's Achilles' heel. If a piece of malware infiltrates one of the companies, the security of the entire network is compromised. One of the core issues is that publishers, ad networks, and exchanges rely on each other to scan for and detect dangerous software. Publishers can inadvertently host malicious content if they rely on somebody else to deliver the code, so they have started to invest in monitoring software to protect themselves from threats.

Ad serving companies are wising up too, and putting up shields. “They want to protect themselves—publishers have a lot of sources, a lot of people they can work with and if they know a publisher has problems, it's easy to swap them out,” says Hoblit.
