Delivering Malware Programmatically Is Too Easy

Imitation may be the sincerest form of flattery, but buying platform Amobee was less than impressed that a fly-by-night fraud operation decided to call itself Amobi while spreading malicious code through fake Claritin ads.

While investigating the aforementioned antihistamine bamboozle, Ad Lightning discovered that the source was a buyer named Amobi, obviously banking on confusion to get its bad wares into the programmatic pipes of PubMatic and OpenX. As AdExchanger notes, neither had a relationship with Amobi.

Fraudsters posing as legit programmatic buyers to spread malware has been a growing trend, with Confiant busting the Zirconium ring of 28 fake ad agencies in 2017. False buyers are also key parts of money-laundering operations that leverage the programmatic pipes, according to fraud researcher Dr. Augustine Fou.

The Amobi charade drew particular attention—and a lot of #adtech snickers—because of its bold name choice, but this kind of fraud committed on publishers is far too common to garner laughs.

As Confiant noted in its recently released Ad Quality report, 0.5% of ads coming through the open programmatic marketplace contain malicious code. Considering that billions of creatives are swimming through the pipes, even such a small percentage is a cause for pause. While 2.3% of ads coming through “Tier 2” exchanges and SSPs (as defined by Confiant) contain malicious code, the supposed Tier 1 marketplaces still allow malware to pass in 0.5% of ads.

“How does this kind of entity pass a credit check in the first place?” tweeted industry veteran Eric Franchi. You don’t have to pass a credit check no one performs. Somebody was careless and wanted a fast cash injection. AdExchanger and OpenX stayed mum on which DSP fell for Amobi’s scheme.

As tempting as it is to roll your eyes, it’s outrageous that such an obvious fraud easily delivered malware across publishers. It’s absolutely infuriating that this type of fraud is so common.

Here’s the thing: in the aftermath of the header bidding boom, major premium publishers have been cutting down on demand partners. Pubs are on the hunt for unique demand sources and higher-quality programmatic creative.

The mobile redirect plague has worn down publishers, but not to the point of resignation; the number of malicious ads invading their properties is gaining weight in demand partner evaluations. Real-time blocking is a handy tool, but it alone can’t halt malvertising, particularly when so much can be attributed to bad behavior by supposedly trustworthy partners.

Quality control has to echo up the chain—exchanges and SSPs need to be as rigid with their partners as publishers are. There’s always a lot of finger-pointing among the programmatic intermediaries when one of these malware episodes blows up, as well as shrugging and saying, “Fraudsters gonna fraud.”

That’s not good enough, particularly as the open programmatic market tightens thanks to industry initiatives like Ads.txt (note—Ads.cert will go a long way to curtailing such fraudulent behavior), better creative quality control resources, and good ol’ consolidation. Due diligence between intermediaries is a must, lest their best inventory sources pull the plug.

The time of cutting corners is over—we’re going to clean up this space somehow, possibly from the bottom (ahem, supply side) up.