While web browsing, have you ever visited your favorite brand’s homepage, only to be caught unawares by malvertising? Malverts can make you click on seemingly harmless links that make you download adware, and in general, create an unpleasant browsing experience. Imagine the impact it has on a website’s revenue. 

Ads to bring publishers revenue, no question about that. But, sometimes you have to be careful because if you let a number of ad operators run on your website, you may lose track of the kind of people you’re working with. The recent Covid-19 induced recession lowered revenue for many industries. Publishers found it hard to generate enough through their current web pages, given their low CPM and simultaneously heavy website traffic. A lack of monetization opportunities led publishers to lower their ad price floors, inviting more ads to show on their web pages. If malvertising somehow slips through these cracks, the results can be disastrous. 

What Is Malvertising? 

Malvertising attacks rely on infected ads to spread malware or redirect users to malicious websites. You may not need to click on the ad to get infected. Malware ads appear on trusted websites and can be hard to spot. 

A malvertising campaign will work like any normal ad campaign, buying space from legitimate ad networks, infiltrating legitimate websites with their seemingly harmless ads that contain malicious code. Malvertising compromises trustworthy sites, helping hackers bypass firewalls, thereby compromising local networks. 

Malvertising depends on a single point. Trust. Exploiting consumer trust in companies and ad networks helps malvertising spread across a large number of legitimate sites. Malvertising is not to be confused with adware. Malvertising attacks come from ads on sites, while adware is malicious software that you have unknowingly installed on your computer. 

What Are The Risks With Malvertising?

Some of the risks associated with malvertising are – 

Financial Information Theft – Some malvertisements mislead users into giving up financial information. Attackers can obtain access to bank account numbers, banking passwords, and can steal money from your users, who then lose complete faith in you. If you have your net banking passwords on your browser, you may be at equal risk as well. 

Credit Card Fraud – A lot of malvertising fuels credit card fraud, by which they use your site to harvest customer card information to buy stuff for themselves. 

Device Infection – Malvertising installs all sorts of viruses and malicious codes on devices, enabling hackers to steal passwords, or even control your computer remotely. 

Revenue Loss – Publishers face loss of revenue, because users, due to lack of trust start installing ad blockers, directly impacting the publisher’s earnings. 

Traffic Loss – If your website regularly hosts malicious ads, users will stop visiting it, leading to eventual traffic and user reputation decline. 

How Can Publishers Deal With Malvertising? 

To identify malicious ads and prevent them from being served, publishers are always looking for solutions. Here are some methods that can work. 

Malware Scanning As A Prevention

The first line of defense, pre-scanning is one of the main ways to spot and get rid of a malicious ad or ad network on your website. A malware pre-scan can identify malware before the ad goes live and unsuspecting visitors click on it. Bad ads are immediately neutralized. Malware scanning happens in sandbox environments, where malicious code gets recognized and automatically rejected. Sandboxing simulates an environment with automated technology that detects a malicious program before the ad is served, thus effectively stopping malvertising campaigns. 

Using Reliable Ad Servers 

Digital advertising is a vast ocean and has many solutions to stop malvertising. Nipping it in the bud prevents revenue losses. Ad servers now have in-built scanners that identify malicious ads. Google Ad Manager is one, which penalizes authorized buyers by suspending them for 3 months if they approve malverts. Its SelfFrame technology helps fight forced redirect ads. It also checks creatives to see if they adhere to Google’s policies. 

Blocklisting Malvertising 

A great way to provide ‘batched’ protection from malvertising, blocklisting uses tools to identify a known malicious ad. It gets activated during the ad selection process and prevents malicious ads, domains, URLs, and snippets. 

Background Checks 

Working with legitimate partners can help publishers fight malvertising. A thorough background check of ad networks, agencies, and others involved will show you whether they intentionally or unintentionally serve bad ads. Getting a reference is a good idea. A self-diagnostic tool should be put in place in each organization, to make sure that no malverts are served on their network. 

Google Safe Browsing Diagnostic Tool 

Google’s technology works towards curating a safe and satisfying web experience. Billions of web pages are scanned for malvertising and this safe browsing tool can be accessed by anyone. Any link can be checked for maliciousness, and whether the site is unsafe. For publishers, they can check the nature of pages, whether they are malicious or not. This method may not be 100% accurate but is a great way to identify and remove malverts from a website. 

Behavioral Analysis 

Ads will not always perform in a predictable way in a sandbox and user environment. The same URLs, creatives, or methods are not used every time by bad actors. While pre-scanning or blocklisting methods may be effective, if the malware attack is especially cunning, you’ll need behavioral analysis. This method can help you nip malvertising in the bud, and take care of the real issues that are malvertisers, who cleverly bypass pre-scanning in virtual environments, and escape being listed as bad actors on the block list. Behavioral analysis malware protection solutions run on the webpage, browser, or application in real-time. The malverts are stopped before they deploy their malicious code, and negative actions are prevented. 

Final Thoughts

Malvertising Targets Popular Sites - Ebuyer Blog

Publishers and bad ads have always locked horns. Malvertisers will not stop trying to manipulate the digital universe to meet their nefarious needs, and it will always be a challenge to combat malvertising. However, all this serves towards one end – the upliftment of user experience. As long as publishers take pains to combat bad ads, the end users on their site will have a positive experience. Following the above steps may be a great way to start if you want to rid your site of malvertising. 

The digital ad landscape is rapidly changing. Read this blog about optimizing ads, and this one about how algorithms are going to define the future of ads, to get an idea of where digital advertising is headed, and how to make it work in your favor. 

Rayomand Engineer

I am a writer based out of Kolkata, West Bengal, and I like to write on tech, politics, travel, music, environment, and wildlife amongst others. I’ve also written scripts for branded content, and also scripts for short films. I’ve been writing for more than a decade and I love it.