Comments on: Malicious Ads getting More Attention — People Still Clueless http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/ Ramblings about online advertising, ad networks & other techie randomness Wed, 28 May 2014 09:36:00 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: zip recover http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-147333 zip recover Wed, 07 Mar 2012 06:56:00 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-147333 Very very nice. Great article. Thanks Very very nice. Great article. Thanks

]]>
By: Infecting the Ad Pool - Tim Howgego http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-42037 Infecting the Ad Pool - Tim Howgego Sat, 12 Jul 2008 21:29:30 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-42037 [...] Malicious Ads getting More Attention — People Still Clueless - Common misunderstandings. Tim Howgego, 12th July 2008. Related topics: Advertising, El, Malvertising, Uncategorized. [...] [...] Malicious Ads getting More Attention — People Still Clueless – Common misunderstandings. Tim Howgego, 12th July 2008. Related topics: Advertising, El, Malvertising, Uncategorized. [...]

]]>
By: Jeremy http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-16380 Jeremy Fri, 30 Nov 2007 21:23:07 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-16380 Mike, I am glad you were as upset as I was with that article, the next big thing they are doing is rotating the ads via iframes, so you can't catch them as easily since they are making the ad decision at the backend and you never see the correct creative until its already hit the sites and you have the complaints. Ad Operations is a thankless job and that E-week story implied that we didn't even know about these things until now.. How lame Mike,

I am glad you were as upset as I was with that article, the next big thing they are doing is rotating the ads via iframes, so you can’t catch them as easily since they are making the ad decision at the backend and you never see the correct creative until its already hit the sites and you have the complaints.

Ad Operations is a thankless job and that E-week story implied that we didn’t even know about these things until now.. How lame

]]>
By: Frank http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-15702 Frank Mon, 26 Nov 2007 04:57:27 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-15702 I agree with you and Rob! The only way this problem can be fully annihilated is with a system that allows for only a pre-approved set of third party servers. I agree with you and Rob! The only way this problem can be fully annihilated is with a system that allows for only a pre-approved set of third party servers.

]]>
By: Mike http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-15664 Mike Sun, 25 Nov 2007 20:42:36 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-15664 Hi Frank, First off -- the auditing team would have to extract and analyze the actionscript of every creative. 99% of all flash files have totally innocuous and standard actionscript -- easily identified by a normal person with a tiny bit of training. The other 1% would then pass through further inspection -- For creatives that rely on third party servers, certain could be "certified" (eg pointroll for rich-media), and all other creatives would be thrown out. Because the flash will be hosted by the repository, there will be no way of altering the action-script and if only approved third party servers are allowed then no malicious ads should be able to sneak in. -Mike Hi Frank,

First off — the auditing team would have to extract and analyze the actionscript of every creative. 99% of all flash files have totally innocuous and standard actionscript — easily identified by a normal person with a tiny bit of training. The other 1% would then pass through further inspection — For creatives that rely on third party servers, certain could be “certified” (eg pointroll for rich-media), and all other creatives would be thrown out.

Because the flash will be hosted by the repository, there will be no way of altering the action-script and if only approved third party servers are allowed then no malicious ads should be able to sneak in.

-Mike

]]>
By: Frank http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-15594 Frank Sun, 25 Nov 2007 08:23:30 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-15594 This problem might me more difficult than the ordinary eye can see. Meaning what prevents these dubious people from tweaking the action scripts to do something else right after it has been certified by this central body? For example one can instruct the script to provoke a legitimate action from a 3rd party server(which the central body will ok) and then change that action to something else after the creative has been approved. This problem might me more difficult than the ordinary eye can see. Meaning what prevents these dubious people from tweaking the action scripts to do something else right after it has been certified by this central body?
For example one can instruct the script to provoke a legitimate action from a 3rd party server(which the central body will ok) and then change that action to something else after the creative has been approved.

]]>
By: Rob Leathern http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-15575 Rob Leathern Sun, 25 Nov 2007 06:03:12 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-15575 I have overseen the review of thousands of ads using Right Media's system, with daily incremental reviews. The problem is, though, if you're daisy-chaining with various ad networks and are accepting third-party tags, other creative can be swapped in ... and in fact we sometimes found that in the evenings some of the "safe" ads we saw got switched for non-family safe adult ads. Of course, spyware-launchers and other types of ads showed up less frequently after all our precautions, but they were still not 100% eradicated. I agree the industry needs to do more to set some standards here if it display is to continue to grow and improve. I have overseen the review of thousands of ads using Right Media’s system, with daily incremental reviews. The problem is, though, if you’re daisy-chaining with various ad networks and are accepting third-party tags, other creative can be swapped in … and in fact we sometimes found that in the evenings some of the “safe” ads we saw got switched for non-family safe adult ads. Of course, spyware-launchers and other types of ads showed up less frequently after all our precautions, but they were still not 100% eradicated. I agree the industry needs to do more to set some standards here if it display is to continue to grow and improve.

]]>
By: B. Nones http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-15300 B. Nones Fri, 23 Nov 2007 04:30:54 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-15300 Strange that you mention this, as we're about to launch what could very likely be a safe repository of malware-free ads: www.brandjury.com Mike, email me if you get a chance. I've not been able to find a way to get in contact with you, and didn't know how often you checked this blog. Strange that you mention this, as we’re about to launch what could very likely be a safe repository of malware-free ads: http://www.brandjury.com

Mike, email me if you get a chance. I’ve not been able to find a way to get in contact with you, and didn’t know how often you checked this blog.

]]>
By: Sandi http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-15279 Sandi Thu, 22 Nov 2007 23:21:01 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-15279 :o) Do I sense a little frustration in your post? I've been saying pretty much the same thing: http://msmvps.com/blogs/spywaresucks/archive/2007/11/07/1285567.aspx The problem isn't new, but what is new is the big name sites that have been hit. In the past the problem has been most prevalent on small sites that use cheap advertising. In the past couple of weeks I've worked on outbreaks that have hit ok-magazine, allmusic.com, the Sensis network (that was a biggy) and tonight I have received word that National Geographic has been hit. Then there are the outbreaks that I haven't had personal experience with that I heard of that have allegedly hit The Economist, Groups MSN and a couple of other big names. It's getting to the stage where the industry as a whole will have no choice but to make the changes that you suggest - it is that or audit every single advertisement that comes through - it'll be cheaper and easier to follow your actionscript suggestion. Note, I haven't caught a redirect at National Geographic yet, but it's only a matter of time. :o ) Do I sense a little frustration in your post? I’ve been saying pretty much the same thing:

http://msmvps.com/blogs/spywaresucks/archive/2007/11/07/1285567.aspx

The problem isn’t new, but what is new is the big name sites that have been hit. In the past the problem has been most prevalent on small sites that use cheap advertising.

In the past couple of weeks I’ve worked on outbreaks that have hit ok-magazine, allmusic.com, the Sensis network (that was a biggy) and tonight I have received word that National Geographic has been hit. Then there are the outbreaks that I haven’t had personal experience with that I heard of that have allegedly hit The Economist, Groups MSN and a couple of other big names.

It’s getting to the stage where the industry as a whole will have no choice but to make the changes that you suggest – it is that or audit every single advertisement that comes through – it’ll be cheaper and easier to follow your actionscript suggestion.

Note, I haven’t caught a redirect at National Geographic yet, but it’s only a matter of time.

]]>
By: Ben http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/comment-page-1/#comment-15261 Ben Thu, 22 Nov 2007 20:15:21 +0000 http://www.mikeonads.com/2007/11/22/malicious-ads-getting-more-attention-people-still-clueless/#comment-15261 Mike, I believe that admonsters has an ongoing project to institute something like a Safe creative repository that you have mentioned. You can see it at http://www.admonsters.org/archives/2007/10/96 Http://onlinecreativeportal.com In addition there has been talk in the IAB about such a thing coming from that body The key will be to have the agencies and advertisers fully buy in. The publishing communities will be able to reap the benefits of such a system almost immediately, but the workflow for the agencies will have to change and it is diffacult for the publishers to "not" accept creative directly. There is also a need for a notification system that notifies all parties when creatives are switched out behind third party tags. Much of the malware conundrum is a result of creative that was changed mid-flight behind a tag. Mike,

I believe that admonsters has an ongoing project to institute something like a Safe creative repository that you have mentioned. You can see it at

http://www.admonsters.org/archives/2007/10/96
Http://onlinecreativeportal.com

In addition there has been talk in the IAB about such a thing coming from that body

The key will be to have the agencies and advertisers fully buy in. The publishing communities will be able to reap the benefits of such a system almost immediately, but the workflow for the agencies will have to change and it is diffacult for the publishers to “not” accept creative directly.

There is also a need for a notification system that notifies all parties when creatives are switched out behind third party tags. Much of the malware conundrum is a result of creative that was changed mid-flight behind a tag.

]]>