group session: malvertising : how to detect and deal with malicious ads
Post on 02-Jan-2016
26 Views
Preview:
DESCRIPTION
TRANSCRIPT
Group Session: Malvertising: How To Detect and Deal With Malicious
AdsMike Nolet
admonsters Ad Ops 360
July 17th 2008
What are “Malvertisements”? Malware Ads, or “Malvertisements”, when
displayed attempt to install spyware or adware or otherwise hijack a user’s browsing session
Often ads are built upon legitimate ads from legitimate vendors
In other cases, entirely fake marketing campaigns, complete with functional sites, are setup as fronts for buying ad-inventory
Affecting publishers from the long tail to the top – Yahoo, MSN, AOL have all been caught showing malware ads
Why you should care Do you want your users to see this when they
come to one of your properties?
Not to mention that recently passed legislation could potentially hold publishers liable for malware ads shown on their sites
Examples Some examples of legitimate advertisements
that were modified to install malware:
Examples An example fake website setup as a front for
an online marketing campaign that served entirely for malware:
Examples Tags with fake serving domain to appear like
an agency adserving system:
How to Prevent Malware Ads Use Common Sense On Direct Buyers
Who is the buyer? Does he have a known reputation? Could this buyer realistically have a relationship with
this advertiser? Is the offer just too good to be true? Pre-pays, high
CPMs, International focus Check Malware sites –
(msmvps.com/blogs/spywaresucks & mikeonads.com) When Dealing with Ad-Network
Don’t work with a network whose reputation you don’t know
Don’t place tags that contain too many redirects Make sure your ad-networks are educated and aware
of the various scams that have come up
How to Find Malware Ads What do you do if you receive a user complaint?
Ask for as much technical information as the user can give: screenshots, source URLs, page source
Find out the browser, timezone, country and IP address of the user
Do not push them away and assume that it is the user’s fault – angry users result in bad publicity and complaints with federal agencies, law enforcement and online advocacy groups
Try to emulate that user on your own property Use public proxy servers to emulate foreign IP
addresses Install a tool such as Firefox’s “Tamper Data” to sniff
URLs and look for suspicious behavior.
Useful Links My Blog: http://www.mikeonads.com/ Spyware Sucks Blog:
http://msmvps.com/blogs/spywaresucks/ Tamper Data FireFox Plugin:
https://addons.mozilla.org/en-US/firefox/addon/966
Fiddler Debugging Tool: http://www.fiddlertool.com/
top related