Scareware (or malvertising) and tips for dealing with ad networks

2010 March 5
by Tim Hanlon

Having just fought (and thankfully, won) a week-long battle against scareware (Google calls it malvertising) appearing on Gizmag, I wanted to do a brain dump of what I’ve learned along the way.

Every time a user experiences this kind of “advertising”, it’s damaging the user’s experience, the site and its relationship with its readers, the advertising network itself and the industry as a whole – no doubt a significant percentage of AdBlock installations have been a result of scareware.

…so it was an unpleasant surprise seeing how some of the networks we deal with responded to the problem once made aware of it. Of course, I’m contractually obliged not to reveal any specific details, but here are some tips for when you’re thinking about jumping into bed with a new ad network:

  • Be wary of networks who don’t give you the ability to see what advertising is running on your site and block specific advertisers or creative from running without their intervention.
  • Be wary of networks who don’t give you access to a publisher interface that allows you to change your default tags (tags from another ad network which will be displayed if this network can’t fill the impression) without their intervention.
  • Be wary of networks who won’t give you daily reports on creative delivery. Without this, you can’t see if they’re serving ads from a third-party remnant deal without letting you know.
  • Do not sign any exclusive ad contracts without having a lawyer (who actually understands online advertising) go through it with you. Consider adding a clause that allows you to pull their tags in the event of inappropriate advertising appearing on your site. (Remember, contracts are negotiations.)

Having said that, don’t take this as me saying “don’t sign up with a network that falls into any of those categories” – the best network we’ve been involved with to date doesn’t have a publisher interface. Just understand the risks involved with not having complete awareness and control of the advertising that is being served onto your site at all times.

In the end, I won the battle by cutting our ten-strong ad waterfall (a chain of ad networks that pass on impressions they can’t fill to the next network) down to two networks. Of course, the hundreds of thousands of impressions that are no longer being filled each day made quite a dent in our revenues, but the trust we’ve built with our 1.1 million readers over the last eight years is far more important.

I signed up at BlackVPN, who have a rock solid and reasonably priced VPN service that allows you to view your site as it would be viewed by a reader in the US, UK, Europe and the Netherlands (incredibly helpful for someone in Melbourne, Australia). This allowed me to experience the issue myself, and verify that we’d got it sorted, rather than relying on our readers for diagnostics.

…and I’ll leave you with another tip. You might run OS X, but always have a Windows machine handy for diagnostics. It appears that this particular attack relied on an Internet Explorer vulnerability. No surprises there, really. (Thanks again for Internet Explorer, Microsoft. You’ve left a stain on the internet that will take decades to clean up.)
