Last week, Google announced that it will now be taking a zero-tolerance approach to dealing with advertisers that place ads that violate its terms of service, including malicious ads that can infect users with malware. Google had previously been removing these ads from its network as it identified them; it will now be permanently disabling the AdWords accounts of the advertisers that put those ads into its network. This new policy shift should force individual advertisers and affiliate to think twice before placing malicious ads with Google, but hopefully it will also start to make an impact in addressing the broader malvertising threat.
To provide some context, the quality and safety of ads has been a concern for users, publishers, advertisers, and technology companies since advertising first appeared on the web more than a dozen years ago. Some of the first ads embedded in webpages took the form of banners -- some of which were criticized for the bandwidth that they required when most of the world was still using dial-up modems to access the Internet, and for their "loudness."
As a result, we today have a world where attackers interested in harming users with malicious ads can take advantage a large variety of vulnerabilities in browsers, plugins, and operating systems to do so. Here at Dasient, we've seen a significant increase in the amount of malvertising activity in the last year, and have worked with a number of companies and site owners who have been impacted by it. Some of these sites' users were infected by malicious ads; others ended up on the unsafe-site blacklists maintained by search engines, browsers, and anti-virus companies. Either way, the sites ended up losing traffic, revenue, and brand equity because a malicious ad popped up on their site via a syndicated ad network.
We're optimistic that Google's new policy shift will inspire similar moves from other online ad syndicators, and that in turn the advertisers and affiliates who traffic in malicious ads will have fewer channels to distribute their wares. Some commentators are already arguing that it won't; that not everyone can afford to take Google's principled stand. We hope that's not the case, but either way, it'll likely take a long time to stamp this threat out altogether. In the meantime, businesses and site owners interested in protecting their users and their reputation on the web can take advantage of tools like Daisent Web Anti-Malware (WAM), which regularly monitors your site and provides you with immediate alerts and detailed diagnostic information as soon as an infection or a malicious ad is detected.