Malware is a blanket term that applies to any software planted on the user’s device with malicious intent. It’s come a long way from that old bogeyman of the rogue hacker launching “gotcha!” viruses, which captured the public imagination in the ’90s. Now it’s a very different bogeyman, and malware is big business for criminal elements internationally.
Malware is a problem for ad ops, because an ad slot presents a juicy opportunity for bad actors to deliver malicious code directly to the user—they’ll just slip the code into the creative of an ad. Bad actors can rely on the white noise of the ad exchanges to slip through, masquerading as a totally legit buyer. But the programmatic market isn’t the only point of entry—malware can ride in on the tails of a direct campaign, too.
A lot of the time, folks will talk about malware as if it’s a problem for programmatic and for long-tail publishers. But in reality, no one is immune, and bad actors target premium publishers just the same. Malware developers move quickly and deftly. They’ll anticipate where their path will be blocked, and if they can code a workaround, they will. Despite scanning for malware at every level along the supply chain, bad actors manage to evade security and execute attacks. And while the pervasive tactic or attack du jour makes good news copy, malware developers somewhere will take advantage of that focus by launching something new and unexpected via another tactic or channel.
Malware behaves in several different ways. When we say “tactics,” these are some of the most common varieties:
Worm: Code that replicates itself and spreads to other computers.
Trojan horse: A file that resembles something else to the user; when the user downloads it, it gives bad actors backdoor access to private or sensitive information.
Spyware: Software that lives on the user’s device without the user’s knowledge, and sends information about them and their activity to another party.
Adware: Software that creates unwanted ad placements on web pages (pop-ups/unders, etc.) to generate revenue for bad actors.
Ransomware: Software that freezes the device or locks out the user and demands the user pay the bad actor in order to regain control.
Bots: Fraudulent ad impressions generated by bot/non-human activity, on the user’s device or in a remote location.
Malware prevention calls for a multi-pronged strategy for ops teams. Known bad actors must be blacklisted. Malware must be removed whenever it’s found. Tags and landing pages coming in from partners must be reviewed. Frequent scanning is advised. Publishers should create and follow vendor verification guidelines. And buyers must be vetted and certified—hidden contact information or mismatched domains are flags that a bad actor might be impersonating a legit brand.
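The checks in the paragraph above (blacklist, tag and landing-page review, hidden contact information, mismatched domains) can be run as one automated pre-flight pass over each buyer submission. This is an added example, not code from the original article: the field names, flag strings and `.example`/`.test` domains are constructed assumptions, and the suffix match stands in for a proper registrable-domain comparison.

```python
import re
from urllib.parse import urlsplit

# Constructed sample blocklist; a real one comes from your scanning vendor or ops team.
BLOCKLIST = {"malicious.example"}
URL_RE = re.compile(r"""(?:https?:)?//[^\s"'<>]+""", re.I)

def host_of(url):
    """Lower-cased hostname of an absolute or protocol-relative URL."""
    if url.startswith("//"):
        url = "https:" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def review_buyer(buyer, blocklist=BLOCKLIST):
    """Return a sorted list of review flags for one buyer submission."""
    brand = buyer["brand_domain"].lower()
    allowed = {brand} | {d.lower() for d in buyer.get("approved_vendors", [])}
    flags = set()
    # Hidden contact information, or a contact address outside the brand's domain.
    email = (buyer.get("contact_email") or "").strip()
    if "@" not in email:
        flags.add("missing-contact")
    elif not within(email.rsplit("@", 1)[1].lower(), brand):
        flags.add("contact-domain-mismatch")
    # The landing page should live on the brand the buyer claims to represent.
    landing = host_of(buyer["landing_page"])
    if any(within(landing, b) for b in blocklist):
        flags.add("blocklisted:" + landing)
    elif not within(landing, brand):
        flags.add("landing-domain-mismatch:" + landing)
    # Every host the tag loads from must be the brand or an approved vendor.
    for host in {host_of(u) for u in URL_RE.findall(buyer["tag"])}:
        if any(within(host, b) for b in blocklist):
            flags.add("blocklisted:" + host)
        elif not any(within(host, a) for a in allowed):
            flags.add("unapproved-host:" + host)
    return sorted(flags)

# Constructed submissions: a clean buyer and one impersonating the same brand.
BASE = {"brand_domain": "brand.example", "approved_vendors": ["adserver.example"]}
CLEAN = dict(BASE, contact_email="adops@brand.example",
             landing_page="https://www.brand.example/sale",
             tag='<script src="https://cdn.adserver.example/t.js"></script>')
LOOKALIKE = dict(BASE, contact_email="", landing_page="https://brand-example.test/sale",
                 tag='<script src="//cdn.adserver.example/t.js"></script>'
                     '<img src="http://px.malicious.example/i.gif">')
```

A non-empty result is a reason to hold the creative for manual review; static URL extraction does not see hosts that a script assembles at runtime, so it complements scanning rather than replacing it.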