Malicious URLs are inserted into ads with the intent of hosting all kinds of unsolicited content such as spam, phishing, and drive-by exploits. Like other kinds of malvertisements, a Malicious URL is designed to lure unsuspecting users to scam sites, which can lead to serious issues such as monetary loss, theft of sensitive information, and the appearance of malware. At first sight, Malicious URLs can look like legit landing page URLs intended to be a part of an ad’s sales funnel. They can go completely undetected by ad platforms and publishers, representing a real threat for the end user.

What is the Malicious URL and how does it work?

Malvertisers use Malicious URLs to direct users to dangerous and/or non-compliant sites to steal their personal and sensitive information such as bank details and  logins, or even trick them into downloading dangerous software.This can lead to serious consequences for their security. Also, Malicious URLs are often combined with other forms of malvertising such as Ad Cloaking, which makes non-compliant URLs even more undetectable by making them invisible for scanning environments and security tools.

To detect certain types of non-compliant or dangerous ads, Adsecure integrates external antivirus or security tools such as Sucuri, VirusTotal and Google WebRisk. This is the case for the Malicious URL Detection: Whenever a potentially malicious URL click is detected by these third-party Antivirus vendors, it will appear in the Adsecure system as a Malicious URL violation. The Ad Network or Publisher owner of the account will then be notified of the issue so that they can eliminate the threat with the AdSecure’s ad security tools.

Here are the 3 sources from where a malicious URL violation will be triggered and reported to AdSecure clients:

Malicious URL Sucuri: This detection is based on Malicious URL violations reported by Sucuri  which adds to the AdSecure platform an incredibly solid extra layer of continuous website monitoring with daily updates for malware, hacks, and blocklist status.

Malicious URL VirusTotal: Malicious URL violations detected reported by VirusTotal are the most common within the category. VirusTotal provides a wider scanning reach, by integrating thousands of external vendors, becoming a very valuable resource for the AdSecure systems.

Malicious URL Google Webrisk: WebRisk is a Google Cloud service that allows AdSecure to check URLs against Google's lists (which are checked and renewed constantly) of unsafe sites and landings. Through WebRisk, AdSecure has access to fresh and relevant data that is updated daily on more than a million unsafe URLs.

Why are the Malicious URL Detections Crucial for Ad Security?

For the last AdSecure’s Violations Report 2022 we analyzed over 100 million scans between the 1st January to the 30th June 2022, to provide insights into cyber criminal behavior during Q1 & Q2 2022. We found Ad security and quality Violations across the globe:

• Malicious URL is one of the most common Detections, constituting 41.84% of all violations worldwide, across the 3 Violation Categories: User Security, User Experience and User Advisory.
• It is also the most common Violation within its own category (User Security), representing 86.2% of violations within this category.
• We also compared the EU with the US across Q1 and Q2 2022. Malicious URL Detections account for 82% of Violations detected in the EU within the category - 375.2% more Detections in the EU than in the US.

As you can probably conclude observing this data above, it is highly advisable to analyze your campaigns to make sure that your ad supply chain is safe and compliant at all times.

Important! It is also advisable to run regular analysis pre and post launch, since the landing URL can be changed anytime by the Malvertisers, especially post-launch after bypassing initial compliance and security checks.

Malvertisers are constantly moving and adapting to find loopholes around Ad security measures. It becomes then extra important to use tools and build protocols to learn from their behavior and anticipate their moves, protecting the end user from current and future threats, and prevent their data being stolen.

How to protect the End User against Malicious URLs?

So, how to stop Malvertising and, more specifically, Malicious URLs? It is the responsibility of Ad Networks and Publishers to protect all online users against a bad or dangerous experience when browsing sites and engaging with their ads. AdSecure brings the solution: By using the Malicious URL Detection, Publishers can delete malicious URLs before their visitors can encounter them, and get rid of fraudulent demand partners in the process. Ad Networks can rely on this detection to check the quality of their ad campaigns pre and post launch, avoiding users data being stolen or avoiding an unpleasant browsing experience.

Paring with an ad security partner who has the ability to identify Malicious URL detections is extremely important to ensure the increase and retention of Publisher Site’s visitors, build trust with all parties, and avoid negative experiences such as: stolen data, device decreased performance, security scares, and the appearance of malicious software, as well as a long list of consequences of bad quality or unsafe ads.

To learn about different forms of malvertising and cyber criminal goals and tactics, check out our blog post: What is Malvertising and how to stop it.

Contact us to learn more about the Malicious URL Detection and how to implement it to keep your end users safe!