Blog

“Blockers Alone Won't Cure Malvertising Woes?”

Written by Kate Reinmiller | Sep 10, 2018 2:07:00 PM

The Media Trust Analysis versus Ad Lightning’s

An article titled “Blockers Alone Won't Cure Malvertising Woes” that appeared in InfoSecurity Magazine last week was both interesting and also a bit surprising to me.

The piece describes how “cybercriminals have found new ways to bypass blocker defense solutions and execute their malicious code,” and cites a blog written by The Media Trust CEO Chris Olson in which he claims that “blockers are not the complete solution some publishers might think they are.”

At Ad Lightning, we can agree with the premise that applying a blacklist to raw markup isn’t going to catch everything and that a multi-pronged approach is essential. Both scanning and blocking are vital, and sandboxing —a technique that loads a site’s ads in separate windows, or iframes, to ensure the ads can’t be redirected—can also be helpful. Ad Lightning, of course, provides all three functions, setting a new standard for accountability and protection that our industry desperately needs.

The Media Trust post goes on to say that “at least 90% of malware used in malicious mobile redirects are obfuscated so they can elude blockers, and that percentage is growing as bad actors develop new obfuscation techniques.” That is categorically untrue —a high level of obfuscated code doesn’t mean blockers are going to fail. It’s true that malware contains high levels of obfuscated code, but Ad Lightning can trace the ad itself to a blockable signature, domain or ad ID.

In addition, according to The Media Trust’s analysis, third-party malware data sources “take an average of three to five days to identify and record malware and as a result, by the time a third-party filter is updated, at least 8,600 attacks could have occurred over a three-day period, 14,400 over five days.” At Ad Lightning, we know three to five days may as well be a lifetime to a publisher when it comes to identifying malware. It typically takes us less than 24 hours to process a new outbreak of offenders and get them on blocklists, and we are fairly confident that, in time, we can we can get this process down to 10 minutes. Three to five days would never be our standard. As an example, a recent signature, d22nv8evmr3d8f.cloudfront.net, was determined to be malicious and actively blocked within 12 hours. It was blocked over 2.2 million times in under two weeks.

Overall, Ad Lightning clients know how successful we are at finding and blocking bad ads, including sneaky malware, and we do it faster than anyone else with our market-leading ad intelligence platform. Let us help you today!