3 Common Malicious Tactics: A Peek Into How Malware Operates
Life would be much easier for the digital advertising community if fraudsters were more blatant with their malicious tactics. Maybe a giant neon billboard with a flashing arrow and words that scream “Forced Redirect and Malware, Next Exit.” But, alas, that’s not the case for publishers and the rest of the ecosystem. Bad actors and their bad ads are far more subtle than that.
That means the ad quality solution you choose to protect your brand, customers, and stakeholders must be up to the task. It’s simply not enough to identify those massive malvertising billboards along the digital ad highway – they should be a given. In fact, through three real-world examples, I’m going to show you some of the most common gaps in the ad quality armor we’ve seen in the ecosystem and discuss what you can do to fill them.
1. When a Pixel Isn’t Just a Pixel
Advertisers think of a picture as a creative asset that engages a customer and propels them further down the sales funnel. But as many publishers have already learned the hard way, danger can lurk in a harmless-looking, diminutive 1x1 pixel.
Steganography, the practice of hiding data inside an innocuous-looking file, has a potentially sinister meaning for publishers – sometimes, a pixel isn’t just a pixel. What looks like a typical picture file at first is actually a loaded weapon, because fraudsters have injected JavaScript code into the image. In other words, either something in the creative or something appended to the creative carries the loaded pixel that triggers the malware.
When a user opens a page with this malicious code hiding in plain sight, the code loads and redirects the user away from the intended content and directly into harm’s way. This technique is one of the most extreme ways that a bad actor will attempt to hide their footprint.
Frustratingly for a publisher, the malicious code is essentially under their nose the entire time. However, without an ad quality solution that leaves no malvertising stone unturned, it can easily slip through the cracks and wield its special kind of damage to a brand and the UX.
2. CDNs Can Deliver Performance at a Steep Price
We all know why content delivery networks (CDNs) are so prevalent across today’s digital landscape. They provide a fast and satisfying UX, even for an audience spread throughout the globe. And to state the obvious, satisfied users are return users, often making CDNs indispensable for serving content quickly and efficiently.
But like many other tools that publishers use to improve the UX and operational efficiencies, CDNs are also susceptible to bad ads, endangering the very UX that they’re meant to bolster and enhance in the first place. By implanting code within an ad that enables malicious behavior at some point down the road – sometimes even hardcoded into the files themselves – fraudsters effectively create a ticking time bomb, biding its time until it can detonate on unknowing publishers and users.
Within any given ad, the bad guys can reference a resource that the CDN serves, therefore avoiding having to use their own domain and giving them the ability to hide or move bad code at a moment's notice. Unfortunately, because the potentially malicious code looks like a benign file, image, or some other harmless piece of data, the ad breezes through the approval process and becomes part of the ecosystem. And then at some point in the future – boom.
Sounds pretty 007, right? That’s because it is. But for publishers, unless you have a multi-headed ad quality solution that can attack such subterfuge from the best angle – sometimes static analysis techniques like blocklists, other times dynamic analysis – you’re exposed to these timestamped weapons in CDNs. And that’s not good.
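Because a CDN-hosted resource can change after the ad has been approved, a one-time review is not enough; the following sketch pins a digest for every resource the markup references at approval time and re-checks it later. This is an added example, not Ad Lightning's code; the `cdn.example` URLs, the ad markup, and the dict standing in for the CDN are constructed so it runs without network access.

```python
import hashlib
from html.parser import HTMLParser

class ResourceCollector(HTMLParser):
    """Collect URLs that the ad markup loads via src/href attributes."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.urls.append(value)

def referenced_urls(markup: str) -> list:
    collector = ResourceCollector()
    collector.feed(markup)
    return collector.urls

def snapshot(markup: str, fetch) -> dict:
    """Approval time: pin a SHA-256 digest for every referenced resource."""
    return {u: hashlib.sha256(fetch(u)).hexdigest() for u in referenced_urls(markup)}

def drifted(markup: str, pinned: dict, fetch) -> list:
    """Later re-check: URLs whose bytes changed or that were never pinned."""
    changed = []
    for url in referenced_urls(markup):
        digest = hashlib.sha256(fetch(url)).hexdigest()
        if pinned.get(url) != digest:
            changed.append(url)
    return changed

# Constructed sample: ad markup and a fake CDN held in a dict.
AD = ('<div><img src="https://cdn.example/banner.png">'
      '<script src="https://cdn.example/lib.js"></script></div>')
cdn = {"https://cdn.example/banner.png": b"PNGDATA",
       "https://cdn.example/lib.js": b"render();"}
pinned = snapshot(AD, cdn.__getitem__)

# The resource is swapped after approval; the URL in the ad never changes.
cdn["https://cdn.example/lib.js"] = b"render(); /* changed after approval */"
```

A digest change is a trigger to re-scan the creative, not proof of malice, since legitimate CDN assets are updated too.
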
3. Bad Ads That Zig When You Zag
Lastly, what happens when you have malicious code that’s essentially prescient? Maybe not in the droid-driven cyber apocalypse sense of prescience from sci-fi movies, but self-aware enough to know when the ad it’s hitching a ride on is still under review by an ad server or exchange.
Some code is smart enough to know when to play possum, seeing the templating strings within the ad markup and proceeding down a non-malicious path. Basically, the ad is able to avoid detection during the pre-scanning phase, thereby eluding the grasp of any ad quality solution that relies solely on a scanning service.
But here’s where things get especially tricky. These types of heavily obfuscated malicious code also slip through many real-time in-browser detection solutions since, by the time the code is out of fingerprinting, the redirection has hidden itself within its own cross-domain iframe. And within a cross-domain iframe, behavioral analysis techniques are also inadequate in blocking these highly evasive malicious ads. That means your ad quality solution needs to have other methods to stop the script from executing.
Single-Point Solutions Won’t Cut the Malicious Mustard
So does all of this mean publishers should just wrap it up and call it a day? That the fraudsters have ultimately won the ongoing ad quality war with the industry? Of course not. It simply means that you can’t rely on a single-point solution. At least if you want to successfully combat all of the different shapes and colors of bad ads out there in the massive digital world.
The bottom line is this. Sometimes you need a blocklist. Other times, scanning or behavioral analysis is the most effective technique. And if your ad quality solution can’t seamlessly cover all of these bases and more, evolving in lock-step with an ever-changing environment, then you’re asking for trouble.
But that’s why Ad Lightning exists – to provide you with an ad quality partner in the truest sense of the term. We understand that a single tool just isn’t sufficient against such a clever, motivated enemy. At least if you want comprehensive protection against a bad actor’s full arsenal of tricks.
Sure, other providers might claim that their single-point solution is effective against the entire spectrum of malicious behavior out there. But to be blunt, those claims are empty and misleading. Only Ad Lightning gives you the scope of protection you need in this dynamic environment, and we know you and your customers will appreciate the difference.