For publishers, Malvertising is not only undesirable as well as detrimental to their reputation, but it is also a serious threat to users of their websites and can lead to painful litigation against the publisher, albeit through no fault of their own.
"Harmless" attacks automatically redirect users to other websites or install toolbars, and in the worst case, identity theft can also occur.
What is Malvertising?
Malvertising is an attack in which perpetrators inject malicious code into legitimate online advertising creatives. Typically, the code redirects users to malicious websites or make use of exploits to compromise computer systems
Malvertising vs. Ad-Ware
Malvertising is often confused with ad malware or ad-ware - another sort of malware attacking online advertisements.
Ad-ware is a program running on a user's computer. It's usually packaged with other, legitimate software, or is installed without the user's knowledge (like toolbars installed during another installation). Ad-ware displays unwanted advertising (or advertising on websites they usually do not even have advertising on it), redirects search requests to advertising websites, and mines data about the user.
Differences between Malvertising and ad malware include:
- Malvertising involves malicious code which is initially deployed on a publisher's web page. Ad-ware, however, is only used to target individual users
- Malvertising only affects users viewing an infected webpage. Ad-ware, once installed, operates continuously on a user's computer.
How malvertisements affect web users
Malvertising might execute the following attacks on users viewing the malvertisement without clicking it:
- Forced redirect of the browser to a malicious site.
- A "drive-by download" — installation of malware or ad-ware on the computer of a user viewing the ad. This type of attack is usually made possible due to browser vulnerabilities.
- Displaying unwanted advertising, malicious content, or pop-ups, beyond the ads legitimately displayed by the your demand partner.
Malvertising can do the following when users click a malicious ad:
- Redirect the user to a malicious website, instead of the target suggested by the ad's content
- Execute code that installs malware on the user's computer
- Redirect the user to a malicious website very similar to a real site, which is operated by the attacker (a phishing attack)
How does ConnectAd combat malvertising?
We take our job and the trust our publishers put in us very seriously. In addition to proprietary checks on advertising media, advertisers, and demand partners, we have been working with GeoEdge since November 2019. As a standard ConnectAd-feature, they continuously check all advertising delivered by our system, at no additional cost to our publishers.
It is important for us to handle our publishers' inventory with care and responsibility, so it seemed to us only right to enable the partnership with GeoEdge to cover the inventory of all our publishers, completely automatically and with no extra effort or costs for them.
GeoEdge is the premier provider of ad verification and transparency solutions for the online and mobile advertising ecosystem. The company's mission is to protect the integrity of the digital advertising ecosystem and to preserve a quality experience for users. It ensures high ad quality and verifies that sites and apps offer a clean, safe, and engaging user experience.
GeoEdge guards against non-compliance, malware, inappropriate content, data leakage, operational, and performance issues. Leading publishers, ad platforms, exchanges, and networks rely on GeoEdge's automated ad verification solutions to monitor and protect their ad inventory – without sacrificing revenue..
The company was founded in 2010 by a team with more than two decades of hands-on technical and online media experience.