Blog

Oct 09, 2018

Fraudsters Are Masquerading as Real DSPs

This morning, AdExchanger’s Allison Schiff published an article titled “Fraudsters Are Masquerading as Real DSPs,” concerning a spoofing incident that Ad Lightning brought to her attention.  

To sum it up, Ad Lightning discovered recently that a fake company calling itself Amobi Inc. —hoping to be confused with legitimate DSP Amobee — had managed to fool some exchange partners, blending in with real ad calls as a way to disseminate malware and those insidious forced redirects through a hijacked Claritin ad.  

In order to appear legitimate, the company had set up a fake website — not unusual — but went so far as to create fake LinkedIn profiles (which have since been removed).

Ad Lightning brought the information to OpenX and Pubmatic who subsequently blocked Amobi from their demand.  While it was live, the ad was blocked by Ad Lightning 500,000 times.

Take some time to read the article.  It features an interview with Ad Lightning’s CEO Scott Moore and is a great snapshot of what goes on behind the scenes every day as ADL and its partners work together to battle the ongoing challenges of ad fraud.  Just another day in the life of digital advertising!

Ad Lightning offers the most comprehensive ad intelligence platform, focused on bringing transparency and control to a chaotic programmatic world by helping publishers and exchanges manage their ad quality more effectively.  Give us a call today.

Read More

Sep 14, 2018

Anatomy of a Video Stuffing Ad

A recent Ad Lightning study indicated that nearly a third —28% of all Internet ads — are ‘bad ads,’ meaning they are oversized, malicious, offensive or non-compliant with IAB standards or publisher specific ad policies.  The full survey is available here.

With that said, when you lift up the hood, what, exactly, does a bad ad look like? The screenshot below is a great example of an ad gone wrong — completely unbeknownst to the advertiser — that would cause notable interruption to the user experience and become a major headache for a publisher.

So let’s break it down— below is the anatomy of this bad ad:

Ad Requests, Video Stuffing & Malware

There are a whopping 837 requests are embedded in this one ad.  The IAB standard for LEAN ads, or ads that offer a “lightweight user experience to maximize initial page load performance” among other guidelines, is 10 file requests per ad.  Even when factoring in more requests to enable a programmatic transaction, anything over 150 is highly suspicious. 

In this case, when looking more closely at these requests it appears that one of the calls is actually loading a video player. 

Within the video player, we can then see that a secondary pre-roll auction is taking place behind the static ad that was displayed on page load.  The auction is driving up the number of requests fired from the ad.  You can see that a lot of legitimate players are unknowningly getting caught up in the mix!

Ad Lightning has extracted a specific signature (unique ad identifier) that is responsible for this behavior.  That signature, b=e97530f114336b11bsw, was categorized as malware in a previous scan and is being flagged as known in this report.

File Size & Ad Payload

With all of the resources it's taking to load this particular creative, the ad payload has exceeded the recommended IAB spec for initial load and total load.  At 1.61MB, the user experience is likely to be impacted significantly.  The ad image itself isn't too far out of spec, however — with the addition of the player alone — the file size is doubled. 

Data Collection

With multiple video auctions taking place within the ad, it's no surprise that over 564 cookies were dropped from over 35 data collectors. In addition to driving latency, this can be problematic for two reasons:

  • Data leakage:  Unknown or unapproved entities can steal valuable audience data and use that to build audiences that are off property.
  • GDPR & other data regulations: It's critical that users in the EU consent to each entity collecting data. If unapproved collectors are identified, there are significant financial consequences for the publisher. 

This deep dive into one bad ad illustrates how easy it is for the user experience to go off the rails and why advertisers, publishers and users alike are fed up. It’s time to take a scalpel to the influx of bad ads that are the scourge of every digital publisher trying to provide quality journalism and other important content to their loyal readers.   Let Ad Lightning help you identify and block nefarious ads on your properties — give us a call today.

Read More

Sep 10, 2018

“Blockers Alone Won't Cure Malvertising Woes?”

The Media Trust Analysis versus Ad Lightning’s

An article titled “Blockers Alone Won't Cure Malvertising Woes” that appeared in InfoSecurity Magazine last week was both interesting and also a bit surprising to me.

The piece describes how “cybercriminals have found new ways to bypass blocker defense solutions and execute their malicious code,” and cites a blog written by The Media Trust CEO Chris Olson in which he claims that “blockers are not the complete solution some publishers might think they are.”

At Ad Lightning, we can agree with the premise that applying a blacklist to raw markup isn’t going to catch everything and that a multi-pronged approach is essential. Both scanning and blocking are vital, and sandboxing —a technique that loads a site’s ads in separate windows, or iframes, to ensure the ads can’t be redirected—can also be helpful.  Ad Lightning, of course, provides all three functions, setting a new standard for accountability and protection that our industry desperately needs.

The Media Trust post goes on to say that “at least 90% of malware used in malicious mobile redirects are obfuscated so they can elude blockers, and that percentage is growing as bad actors develop new obfuscation techniques.” That is categorically untrue —a high level of obfuscated code doesn’t mean blockers are going to fail. It’s true that malware contains high levels of obfuscated code, but Ad Lightning can trace the ad itself to a blockable signature, domain or ad ID.

In addition, according to The Media Trust’s analysis, third-party malware data sources “take an average of three to five days to identify and record malware and as a result, by the time a third-party filter is updated, at least 8,600 attacks could have occurred over a three-day period, 14,400 over five days.”  At Ad Lightning, we know three to five days may as well be a lifetime to a publisher when it comes to identifying malware. It typically takes us less than 24 hours to process a new outbreak of offenders and get them on blocklists, and we are fairly confident that, in time, we can we can get this process down to 10 minutes.  Three to five days would never be our standard.  As an example, a recent signature, d22nv8evmr3d8f.cloudfront.net, was determined to be malicious and actively blocked within 12 hours.  It was blocked over 2.2 million times in under two weeks.

Overall, Ad Lightning clients know how successful we are at finding and blocking bad ads, including sneaky malware, and we do it faster than anyone else with our market-leading ad intelligence platform.   Let us help you today!

Read More