How to make malvertisers pay

Whether they are probing your site, hijacking user experiences, or launching full-scale attacks, cybercriminals are always looking for a lucrative payday through malvertising.

Malvertising and ad fraud can cost your business in several ways. Site experience and customer satisfaction will deteriorate as users are attacked by bad ads and consequently driven away from repeat sessions. This will then lead to lost ad revenue as your site traffic decreases, and having to spend valuable work hours tracking down and removing bad ads.

Bad ads are highly circulated and cleverly disguised. Anyone can fall for them without the right protection.

Traditionally, pre-scanning and blocklists have been the main ways to protect publishers and networks from malicious advertisers. But both come with their weaknesses and can end up hurting your ad revenue.

Malware scanning occurs in sandbox environments. Here, malicious code is recognized and automatically rejected. Sandboxing creates a “fake” environment with automated technology that attempts to detect a malicious program before serving an ad to a website’s users. It’s a common line of defense for publishers and can stop some malvertising campaigns.

Blocklisting is a way to provide “batched” protection against malvertising. Web pages use blocklist tools as a way to identify a known malicious advertisement. These URLs or code snippets are tied to malicious actors and the unwanted ads are not accepted during the bidding process.

As an anti-malvertising solution, blocklisting is activated during the ad selection process, but before the creative renders meaning the bad actors don’t pay for their impression. Thus, there is no negative ROI.

Pre-scanning has been around for some time, and the fact that it is a go-to strategy (and common knowledge) means it’s well known by bad actors. Expert malvertisers have had plenty of time to find effective workarounds.

Research indicates that there are now artificial intelligence components to malicious software that can evade pre-scanning in virtual environments altogether. If malware attacks can leverage AI, malware pre-scanning may not just be insufficient, it could become obsolete.

The issue here lies with the agility and creativity of a criminal advertising network. Cybercriminals are able to quickly and efficiently generate incredible quantities of unwanted ads, and this high rate of production and extensive reach outpace the effectiveness of even the best blocklist tools.

Malicious advertising URLs and snippets that aren’t present on the list of “known bad” offenders will be let through undetected. Additionally, domains can easily be rotated at scale, via automation, making it impossible to maintain an effective list. This means the malicious payload can be deployed as part of an exploit kit and the attacker ultimately gains access to the end-user.

Blocklists can also become stale and lead to large quantities of false positives tied to domains that are no longer malicious or never were. False positives result in lost revenue and extra operational overhead chasing down false leads.

A blocklist is built by catching a threat and subsequently creating that entry to block it. As such, blocklists are inherently reactive and have no way to proactively block novel threats.

Consistency in malicious behavior and creatives are essential to effectively catch bad actors using the traditional pre-scan or blocklisting methods. But dangerous ads do not perform the same way in sandbox and user environments, and bad actors cleverly swap URLs, creatives, or methods numerous times to avoid blocklists.

Behavioral analysis is the only way to stop modern malware attacks. Today’s malvertisers are cunning, quick, and endless, and have learned to adapt their strategies to sneak by traditional forms of protection. Behavioral analysis evaluates ad creative in real time and blocks malicious behavior. The process is this:

• Instead of a sandbox environment, behavioral analysis malware protection solutions run on the page, in the browser or app, in real-time.
• As users are viewing ads, creatives will always be allowed to render.
• Bad ads are stopped in the act of malicious code deployment and the negative actions are prevented from affecting the user.

HUMAN Malvertising Defense detects and blocks malicious ad behavior. Our proprietary Threat Mitigation Language (TML) prevents malvertising in real-time, addressing the problem of ad fraud and malvertisers who bypass pre-scanning in a virtual environment or aren’t listed clearly as bad actors on a blocklist.

Malvertising Defense is the only solution that prevents malicious ad behavior while still allowing ad impressions to fire. This means that malvertisers are paying for ads on your platform, even while their malicious creative is blocked. Thus, Malvertising Defense not only protects your users, but creates a financial disincentive from targeting your webpage.

Video stuffing ads: how they erode ad revenue & protection against them

Auto redirects: what they are, how they work, and how they hurt your ad revenue

What is ad quality?