Google plans to kill all your ads if you don’t kill the abusive ones first. Here’s how you do it.

OK, kill might be a touch dramatic. However, if you are a publisher displaying ads on your site, or an ad platform serving ads up, the impact is no joke.

The arrival of Google Chrome 71 in December marks a major escalation in Google’s efforts to stop the negative impact abusive adscan have on users. Chrome 71 will block abusive ads — commonly known as malvertising — so that users cannot be deceived into clicking through and exposing themselves to, at the very least the nuisance of an auto-download or a back button hijack, or on the far more serious end of the spectrum, a ransomware attack or a nasty phishing url.

Publishers impacted

This is a good thing, and Google has made previous attempts to tackle these harmful ads with Chrome 68. The key this time is that for repeat offenders, Google won’t merely block the abusive ads on your publisher site, it will block ALL ads until you can consistently clean up your act and protect your website visitors. Google will give you a 30 day grace period to check your Abusive Experiences Report and take action, but should those actions fall short, or worse not be tackled at all, Google will remove all ads from view.

The potential impact for publishers is immediately clear. Revenue from digital ad streams relied on to cover the costs of producing quality, engaging content will evaporate almost immediately, increasing the pain of keeping users interested and coming back day in and day out. Brand confidence will stumble as well when those advertisers buying ad space realise that money has been wasted and their ads won’t be seen by the customers they want to get in front of. A publisher running afoul of Google’s wrath will quickly find themselves caught in a vicious circle.

For the ad platforms these publishers work with to sell their traffic to the highest bidder there will be an unavoidable knock-on effect. Sites that start cleaning up to ensure their ads don’t suffer from a blanket block will soon realize that certain platforms continually serve up these problem ads and lose confidence in their viability as a partner. An ad platform struggling to deliver clean creatives can find their reputation tarnished before they really know what’s hit them.

Time to clean up

So what can you do to keep your ad creatives clean, user friendly, and visible on Chrome 71? Start by taking the problem seriously. 2018 has been an important year for shining a light on the problem of malicious, deceptive content. Recently, six leading programmatic exchanges came together to develop a set of guiding principles for a safe and transparent programmatic ad market, and chief among them was a commitment to scanning all creatives for malware and other ad quality issues. With Google now taking this major step with the launch of Chrome 71, the challenge of eliminating bad ads can no longer be put on the back burner.

Avoid the trap of thinking your operation is too big to be plagued by efforts to infect the ads you work with. While malware issues might trouble smaller digital publishers more regularly, major players can fall victim to some incredibly sophisticated, painful attacks. When this happens, the impact across the digital ecosystem is all the more severe, and the scope that much greater.

What are you doing now?

Next, take a look at what you’re doing now to tackle the problem. Is it agile enough to catch everything? An in house solution might seem like a suitable stop gap, but a basic tool will never detect every threat, particularly as cyber criminals continue to innovate and develop more sophisticated techniques for delivering dirty ads. This leaves ad operations and compliance teams struggling to keep up and ultimately fighting a battle they can never win. Partnering with a dedicated ad verification solution can ensure teams have the support they need, and are empowered to take decisive, data driven action.

For publishers and ad platforms already working with a trusted partner focused on ad quality challenges and still struggling to keep compliant, it’s likely that a single partner won’t suffice, or the solutions they offer are too limited in scope to solve complex challenges. The easy appeal of a real-time blocking solution, for example, sounds like a perfect fix, but in reality the embedded script tasked with blocking in “real-time” relies on a cache system to identify a previously encountered bad ad. Considering the speed and creativity with which talented programmers reinvent or modify the dangerous content injected into an ad, that real-time blocking script will still let any bad ad it has never dealt with before slip through the cracks.

You might be armed with a hammer, but that doesn’t mean every problem is a nail. Within the evolving landscape of malicious behaviour, many new problems will call for a more subtle approach.

New challenges, creative solutions

Another rising concern keeping those handling ad quality compliance awake at night is ad cloaking.  When a member of your compliance team is performing an online quality check, they are likely doing so from a single fixed IP, or at best a small range. Armed with this information, an attacker generates a script that effectively cloaks an attack via IP blacklisting, leaving that visitor viewing a clean ad while the dangerous elements make their way to the target audience.

Again the task at hand requires combating criminal ingenuity. To deal with cloaking, implementing a more sophisticated strategy, using an intricate network made up of millions of proxies renders blacklisting virtually impossible, and ultimately pointless as they would be blacklisting the IPs of their intended victims.

The challenge of malvertising is difficult to face, but impossible to ignore. For publishers and ad networks, the best defense against bad ads is a multifaceted approach combining internal commitment and focus with the external experience and performance abilities of dedicated partners capable of providing confidence, control, and a commitment to creative security.

A trusted partner

We are committed to working with our partners to solve today’s most difficult ad verification challenges. To learn more about the AdSecure platform, our mission to stop cyber criminals from doing harm, and our approach to clean ad delivery, click here.

Ad formats & how they can be corrupted: #2 Banners

What is a banner?

A banner ad, also known as a display banner, is an online advertising format that is typically a designed visual or an image accompanied by text or a call to action. When an end user clicks on the banner he is redirected to a landing page for the advertiser’s offer.

Why do cybercriminals target this format

Cybercriminals seek to take advantage of both display advertising and related ad landing pages to distribute multiple forms of malicious content, by leveraging the ad ecosystem to their advantage. The ad industry is a complex and powerful machine and with the growth of programmatic advertising, where the buying and selling of advertising is carried out automatically in real time, this can lead to a loss of control of the security of ads being served by ad exchanges and ad networks. The rise of programmatic advertising is helping to fuel the robust growth in malvertising. By replacing human decision making for the purchasing and placement of advertising with software in a machine to machine ecosystem, there are new opportunities for criminals to exploit display advertising to distribute malware and hide malicious code within a banner ad.

The banner is still one of the most used ad formats and because of its sheer global volume, the reach and exposure cybercriminals can achieve once they get a banner containing their malicious code to slip through the net, can be huge.

How do they do it?

Some of the most common ways criminals spread malicious banners include:

  • Malicious code hidden within the ad creative, which is enabled only once the campaign has been approved by an ad platform.
  • By compromising trustworthy and legitimate advertiser accounts on ad platforms.
  • The creation of fake identities (skype, linkedin…) in order to mislead someone in the ad chain.
  • Targeting high profile publishers rather than multiple low profile ones to maximize their exposure with a single rogue campaign.
  • Taking advantage of the naivety of end users, who mistakenly often think they need to actually click on a malicious ad to get infected

What examples has AdSecure seen of malicious advertising using this format?

Nowadays, the most common violations with banners are auto-redirects: when an infected ad is effectively being displayed on a publisher’s website, it can get to a point where the iframe will take over control of the website and redirect the visitors to malicious landing pages (containing social engineering content, or even worse, exploit kits).  

Additionally, banner ads can show inappropriate content, for example, a banner containing adult material being displayed on mainstream or even children’s websites, or the image and text of a banner ad that has been designed to mimic genuine warning alerts generated by computer security software.

What is the solution?

AdSecure helps ad platforms and publishers regain control and confidence by offering an ad quality solution capable of scanning, analyzing and detecting malicious and non-compliant ads and their related landing pages.

If you would like to find out more about incorporating AdSecure into your business, please visit our contact page for more information.

AdSecure expands mobile carrier coverage to Australia

??

AdSecure is excited to announce that, in addition to standard and residential IPs, we now also provide mobile carrier coverage for Australia .

As of today, the following providers are available for our clients who want to check their mobile offers running in Australia:

  • Optus
  • Telstra
  • Vodafone

If you would like to find out more about incorporating AdSecure into your business, please visit https://www.adsecure.com/contact/ for more information.

One step further towards a better encrypted internet: HTTPS vs HTTP

With its latest release of version 68, the Chrome browser is now labelling as “Not Secure” all HTTP (unencrypted) websites.

As stated on their security blog Google explains that:

“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “Not Secure”

The Chrome 68 omnibox will now show the “Not Secure” label for all HTTP pages, instead of the small “i” icon. This label will not only highlight the unsecured nature of the HTTP pages but will also push publishers to move over to HTTPS from HTTP.

To help drive adoption of a more secure internet, AdSecure is adding a new detection feature on its platform: “SSL non-compliant”. This new feature will help ad-platforms and publishers detect HTTPS banner tags which are loading HTTP resources that lead to generating mixed content errors on the publishers’ websites. Such a problem can cause information leakage, hence the importance of monitoring ad tags.

Here are the different elements AdSecure checks when analyzing the banner tags for SSL compliance:

  • Ensuring that the SSL and certificate version match
  • Flagging suspicious certificates: expired, revoked, untrusted (based on CA), self-signed
  • Checking mixed-content for externally loaded resources (scripts, css, img, etc…)
  • Detecting invalid CAs
  • Verifying protocol and cipher strength to reduce the risk of information leakage

AdSecure provides next-gen defenses that protect publishers and ad platforms against a wide range of attacks. To test how AdSecure can help your organization detect, investigate and respond to advanced malvertising attacks, sign up for a free trial.

Ad formats & how they can be corrupted: #1 Popunders

In this three part series we look at popular ad formats that can be corrupted with Malware. In part one we look at Popunders.

What is a Popunder?

A Popunder is a large format full screen online advertisement. It is displayed by opening a new browser window after an interaction from the user with a website (e.g. click), usually via some sort of JavaScript. The new window opens behind the one that is currently being viewed by the user. It does not interrupt the user experience. When the user closes the page he is viewing, the Popunder remains for the user to see.

Why do cybercriminals target this format?

Because Popunders usually remain unnoticed until the active browser window is closed or minimized, the user may not notice the advertisement/malvertisement for a while. Usually an ad networks Compliance team’s approval process for Popunders is less strict than for other ad formats because ad networks offering this format tend to be more flexible, for example this format is not available on Google.

How do they do it?

The cybercriminal will submit a ‘clean’ Popunder to an ad network during the review process. Once approved the cybercriminal can then inject malware script into the Popunder. Many cybercriminals will inject the malicious code for a limited time to avoid detection of the Popunder’s content change.

What examples has AdSecure seen of malicious advertising using this format?

Our system has detected the following malicious advertising on Popunders:

  • Malicious/Phishing URLs
  • Malware downloads (including ransomware)
  • Crypto-jacking
  • Scareware
  • Browser Lockers

AdSecure’s advanced crawler technology can detect changes in a Popunder’s content that is injected with Malware. Contact us to find out how we can protect your users and keep your advertising safe.

The Importance Of a Secure Ad Platform

Online advertising is a booming industry with over 204 billion dollars spent on advertising worldwide in 2017. Countless websites use advertisements to pump up their earning power and recommend useful products and services to their visitors. But many website owners fail to consider the security of their ads, leaving consumers open to risk. Here’s what you need to know to keep your ad platform secure.

What is a Secure Ad Platform?

As a consumer, how many times have you been surfing the internet, reading a news article, or making a purchase when an ad blocks your view? Often, malware ads pop up and refuse to go away, forcing you to close your browser or app to get rid of them.

As Fast Company reported in early 2018, these malware ads negatively influence the consumer experience. In fact, even big-name websites like The New York Times and The Atlantic have fallen victim to malware ads that hinder users’ ability to read and interact with articles.

The bad news is, although these ads may appear to be publisher-run material, it’s difficult for sites to find the source and remove them. As top-tier publishers are finding out, a secure ad platform is crucial for both consumer trust and a dependable income stream.

Consider the fact that malicious auto-redirect ads have cost publishers and marketers over $1 billion, according to Fast Company’s expert. Smaller businesses stand to lose a proportionate amount of their income as well if malware continues to dominate the internet.

In contrast with the spammy pop-up ads that many users run into, a secure ad platform maintains only legitimate and scam-free advertisements. This protects your audience and your reputation as a business or website owner.

A secure platform can also notify website owners of potential problems. Scanners and subsequent reports inform you when ads and landing pages are out of compliance with your specifications so that you can avoid exploit-kit based and other attacks.

Even if you don’t have secure ad software to do the work for you, there are still steps you can to recognize and mitigate security risks.

Security Red Flags to Watch For

Filtering out legitimate versus malware ads without software involves thoroughly checking your website and files for signs of “infection.” From viruses to Trojan software, there’s a lot that can hide in advertisements.

Code Changes

On the back end of your website, keeping an eye out for unauthorized code changes can help you catch malware before it wreaks havoc. Often, spam ads “hack” into your website’s code and cause annoying and potentially viral popup ads.

Unfortunately, because these malware ads are attempting to go unnoticed, they can be hard to identify. However, some programs scan your code and automatically make backup files. You can do this manually, too, with a bit of general coding knowledge.

Sluggish Site Behavior

While you may be more concerned with what’s happening behind the scenes on your website, it helps to visit your website the way your audience does. This way, you can gauge your site’s loading speed. The longer it takes to load, the more likely there’s a problem with your ad platform.

Visiting your website from the front end will also show you any malware that’s currently active. If you experience popup ads when you load your site, you’ll know you need to take a closer look at the administrative end.

How to Stay Secure with Ads

While it can be hard to get rid of malware ads once they infiltrate your site, some simple preventative measures can help avoid them in the first place. Here are a few ways to stay secure with ads.

Use Secure Hosting

Depending on your business model, you may look for the least expensive hosting option available. But according to InfoWorld, hackers tend to target shared hosting servers. Because shared Web hosting servers host multiple domains, their information stores give hackers tons of information for phishing.

The alternative to shared server hosting is dedicated hosting, which often costs more but allows you more control over your server. You can also add extra security precautions that prevent hackers from readily accessing your information.

Run Malware Checks

Scanning your ad tags and landing pages for any issues can help identify malware before it takes over your website. You can also run checks from more than one browser, device, or location to ensure that everything is running smoothly.

Keep Things Simple

Overall, the more features on your website, the more likely you will fall victim to security breaches. That’s because complex code can hide malware codes more effectively, meaning you may not notice a website malfunction until a user reports it. At that point, you may have lost revenue already.

Trimming down the features on your website can help reduce your odds of falling victim to hacking, but that doesn’t mean you have to forgo interactive features that your customers will find useful.

PixelPrivacy.com is all about making the world of online security accessible to everyone. Check out Pixel Privacy’s blog if you’re interested in keeping your private information just that: Private!

AdSecure’s platform is the intelligent defense against malvertising. If you are a publisher or an ad network our software will alert you when malware is being served on your website or network and keep all of your advertising safe. Contact us for a free trial 

AdSecure’s latest platform feature scans for Google compliance

AdSecure, the ad verification tool used by ad networks, ad operations teams and publishers, today announced that it has updated its scanning technology to recognise and flag advertisements that are not compliant with Google’s Abusive Experience Report. AdSecure’s latest platform feature uses state-of-the-art image recognition technology, machine learning and AI to recognise all ad formats and creatives that Google considers to be abusive and therefore non-compliant.  

According to Google’s Abusive Experience Report the following ads are specifically designed to mislead users and are therefore non-compliant:

  • Auto-redirect the page without action from the user.
  • Take the user to an ad landing page or other content when they click anywhere outside of the user-visible border of the element.
  • Resemble system or site warnings or error messages.
  • Simulate messages, dialog boxes or request notifications.
  • Depict features which do not work.
  • Display a “close” button that does anything other than closing the element when clicked.
  • Imitate Antivirus Alerts

Source: https://support.google.com/webtools/answer/7347327

Source: https://blog.chromium.org/

Google states that from 15th February, publishers that feature any of the aforementioned abusive ad experiences will receive a violation notification. The publisher will have 30 days to stop displaying the non compliant ads and will have to submit their site for review via WebTools for approval from Google. For each listed experience, Google will provide a brief definition, the URL of the incriminated page, screenshots and a short video that shows the misleading element(s).

Once the publisher has fixed all the issues from the report, he will have to submit his website for review. Even though Google has not publicly shared an exact time frame on how long the review process would take, some sources seem to indicate that the review could take around two weeks. If the publisher fails to comply, external links (window.open/new tabs) will be blocked on the entire site which lead to a loss of ad revenue, including from Google Adwords.

Mathieu Derval, Product Manager at AdSecure commented, “We are excited to be adding new violations that Google considers as abusive to our detection arsenal. This new platform feature is a ‘must have’ for ad network platforms, publishers and ad operations teams. Not only does it ensure that publisher revenues are not compromised by penalisation from Google, but publishers continue to preserve trust and security within the online advertising ecosystem.”

Derval continued, “AdSecure clients have the capacity to run comprehensive scans to inspect their ad tags and will receive real-time notification alerts through AI assisted analysis, each alert features a comprehensive report listing the non-compliant elements, allowing clients to take immediate action and reduce the risk of their own publisher clients getting flagged by Google.”

If you would like to find out more about incorporating AdSecure into your business, please visit https://www.adsecure.com/contact/ for more information.

3 reasons to use AdSecure’s new Residential IP scanning technology

The AdSecure engineering team has been very busy over the last few weeks, and we are very excited to announce a major product enhancement that will further improve the overall detection of malicious ads. The new feature offers clients the possibility of scanning tags and landing pages from Residential IPs.

Residential proxies are IP addresses from a standard Internet Service Provider (ISP), often DSL or cable, that are wired directly into a user’s home, unlike Datacenter proxies, which are IP addresses that come from a secondary corporation and work by hiding the users’ IP addresses from the internet.

AdSecure’s Residential IP features allows you to:

1-  Beat cloaking practices

Cloaking is a common technique used by bad actors to display different ads or landing pages to users than the ones that are approved by ad platforms. Because ad platforms usually use Datacenter and not rotating IPs, it is easy for a criminal to know which IP address the compliance team is using during the review process, so the bad actor fools them by serving a compliant ad, while serving a malicious version to the rest of visitors.

2- See what real users see

Now you can scan ads and landing pages that are the ones being seen by ‘real’ users so you can verify the integrity of each offer.

3- Safeguard Your Audience.

Protect your users and your reputation by stopping non-compliant ads and landing pages.

As of today AdSecure gives you access to Residential IP scanning for over 70 GEOs including: US, Canada, Germany, France, Mexico, Italy, Thailand, Brazil and many more. In the near future AdSecure be adding more Residential IPs.

Contact us now if you are interested in testing this feature for free.

AdSecure launches ad scanning for premium 3G mobile carrier IPs

Barcelona, 13 November 2017.  AdSecure, the ad verification tool used by ad networks, ad operations teams and publishers, today announced that it has significantly improved its mobile ad scanning technology by implementing 3G proxies across a range of countries and mobile carriers.  

This new platform feature allows clients to scan live campaigns that are targeting specific mobile users.  This is a highly powerful feature as advertisers tend to show different type of offers for 3G and Wifi users, and this can be challenging to monitor.  

The feature works by allowing clients to scan by country, 3G carrier network and iOS or Android.  Once a fraudulent, malicious, non-compliant campaign or landing page is detected the client is immediately emailed a comprehensive analysis of each anomaly detected, which leads to a better understanding of the ad’s redirection chain  so that they can take action.  AdSecure has deployed this feature in 16 countries, supporting over 50  mobile carriers. And planning to release new mobile carriers in the near future, to offer the widest range of 3G proxies in the market. Current locations include :

  • Austria: A1 / T-Mobile / Three
  • Belgium: Base / Orange / Proximus
  • Brazil : Claro /OI / TIM / Vivo
  • Canada: Bell / Rogers / Telus
  • France: Bouygues Telecom / Free / Orange / SFR
  • Germany: e-plus / O2 / T-mobile / Vodafone
  • India: Airtel / Vodafone / Idea / Aircel
  • Italy: Three / Tim / Vodafone / Wind
  • Mexico: AT&T / Movistar / Telcel
  • Netherlands: KPN / T-Mobile / Vodafone
  • Poland: Plus / T-Mobile
  • Portugal: Meo / Nos / Vodafone
  • Spain: Movistar / Orange / Vodafone / Yoigo
  • Switzerland: Orange / Sunrise / Swisscom
  • UK: EE / O2 / Three / Vodafone
  • USA: AT&T / Sprint / T-Mobile / Verizon

A full list can be viewed here.

Mat Derval, Product Manager at AdSecure commented, “AdSecure’s core mission is to protect the internet browsing experience and the addition of our new 3G feature allows clients to scan ad campaigns aimed at desktop and/or mobile 3G connections.  Now publishers and ad networks have the the tools to immediately identify fraudulent campaigns and ensure that their ad space inventory is filled with compliant, malware free ads to protect their users.  Additionally ad networks working with affiliates can now scan affiliate mobile offers and mobile carriers can scan ads that are using their 3G network.”

AdSecure will add more countries and mobile carriers very shortly.  For further information visit https://www.adsecure.com

AdSecure launches in Beta to beat malvertising

Barcelona 4 September 2017 – AdSecure, is a brand new ad verification tool aimed at Ad Networks, Ad Operations Teams and Publishers to ensure a continuous compliant and malware-free ad delivery and sustain a secure and safe user experience for website visitors.

AdSecure’s technology is built around a custom-made crawler using behavioural targeting techniques and is able to run checks from multiple browsers, devices and over 70 GEOs. The technology allows clients to automatically scan ad tags and landing pages for non-compliance and malware in real-time, 247.

As soon as AdSecure’s system detects a threat, it generates real-time notification alerts through intelligent threat analysis. The alerts are immediately sent to the client via email or through an API giving them access to comprehensive reports listing all malicious links, which then allows the client to take the appropriate actions.

AdSecure is quick to set up and it saves clients valuable time and resources by cleaning out malware and non-compliant advertising and therefore protecting their online reputation.

Mathieu Derval, Product Manager at AdSecure comments,

“Malvertising poses a very serious threat for the online community and for the entire online advertising ecosystem. Malware distributed through the digital advertising supply chain degrades overall trust in this ecosystem. Cybercriminals are taking advantage of the open system which relies on multiple parties including advertisers, ad networks, ad exchanges and site publishers. The boom in programmatic advertising offers attackers advanced targeting options making their malicious campaigns extremely effective and difficult to detect. This is why we created the AdSecure platform to give the industry the most effective, accurate and reliable ad verification tool.”

Mathieu Derval is attending the leading digital economy show Dmexco in Cologne 13-14 September, to book a meeting with Mathieu please contact us.

AdSecure is currently in Beta testing, if you would like to find out more about incorporating AdSecure into your business please contact us, for more information or visit www.adsecure.com.

ENDS For further press information please email press@adsecure.com.