Another step forward in the fight against malvertising

Last week, Google announced that it will now be taking a zero-tolerance approach to dealing with advertisers that place ads that violate its terms of service, including malicious ads that can infect users with malware. Google had previously been removing these ads from its network as it identified them; it will now be permanently disabling the AdWords accounts of the advertisers that put those ads into its network. This new policy shift should force individual advertisers and affiliate to think twice before placing malicious ads with Google, but hopefully it will also start to make an impact in addressing the broader malvertising threat.

To provide some context, the quality and safety of ads has been a concern for users, publishers, advertisers, and technology companies since advertising first appeared on the web more than a dozen years ago. Some of the first ads embedded in webpages took the form of banners -- some of which were criticized for the bandwidth that they required when most of the world was still using dial-up modems to access the Internet, and for their "loudness."

As companies such as Sun and Netscape worked together to bring more interactive forms of content and ads to browsers, sandboxes like the Java Virtual Machine were introduced to protect users from potentially malicious interactive content. In parallel to the development of Java, other forms of interactivity were brought to market, including JavaScript, ActiveX, Flash, and Shockwave, and different levels of security and interactivity distinguish these technologies. Some of them leverage browser "plugins" that ran code natively and in an unrestricted fashion on the user's machine (such as ActiveX), while others employ sandboxes in an attempt to protect users (though not always effectively). Often, functionality wins out over security when developers are faced with the pressing market needs of advertisers and content publishers, leading to much more frequent uses of technologies that are more interactive but less safe than technologies that are less interactive but more safe.

As a result, we today have a world where attackers interested in harming users with malicious ads can take advantage a large variety of vulnerabilities in browsers, plugins, and operating systems to do so. Here at Dasient, we've seen a significant increase in the amount of malvertising activity in the last year, and have worked with a number of companies and site owners who have been impacted by it. Some of these sites' users were infected by malicious ads; others ended up on the unsafe-site blacklists maintained by search engines, browsers, and anti-virus companies. Either way, the sites ended up losing traffic, revenue, and brand equity because a malicious ad popped up on their site via a syndicated ad network.

We're optimistic that Google's new policy shift will inspire similar moves from other online ad syndicators, and that in turn the advertisers and affiliates who traffic in malicious ads will have fewer channels to distribute their wares. Some commentators are already arguing that it won't; that not everyone can afford to take Google's principled stand. We hope that's not the case, but either way, it'll likely take a long time to stamp this threat out altogether. In the meantime, businesses and site owners interested in protecting their users and their reputation on the web can take advantage of tools like Daisent Web Anti-Malware (WAM), which regularly monitors your site and provides you with immediate alerts and detailed diagnostic information as soon as an infection or a malicious ad is detected.

To learn more about Dasient WAM, check out this page. And for all the latest news on web-based malware and the security space in general, be sure to follow us on Twitter at http://twitter.com/dasient.