While the majority of online ads are perfectly safe, there have been cases where criminals have used them to spread malware. In some cases, the ads themselves contained malicious code that would infect vulnerable systems with malware. A more common technique used by cybercriminals is to run ads for websites whose sole purpose is to spread malicious software. Sometimes, the page itself would contain code that infects the user’s computer. In other cases, the malware would be bundled together with a seemingly innocent application, such as a free movie player or screensaver.
Once malware infects a computer, it can allow cybercriminals to use is as part of a bot network. Criminal organizations have used these infected computers for a variety of nefarious purposes, such as launching denial of service attacks on websites, hiding their true IP address to make them harder to trace when they commit crimes online, as well as committing click fraud, which lets them defraud advertisers by sending fake traffic to their websites.
As the spread of malware can have serious repercussions on consumers, advertisers and publishers, the online ad industry has recently launched a program to combat it. The initiative was put forward by the Trustworthy Accountability Group (TAG), an industry watchdog fighting digital advertising fraud. Their new certification program requires online ad platforms to scan a reasonable percentage of the ads they serve to ensure that no malware is present in them. In order to obtain TAG’s “Certified Against Malware” seal, the companies must also abide by guidelines and best practices to fight against the distribution of malware.
As of now, an honor system is used and the ad platforms themselves are responsible for complying with the certification program’s standards. TAG is working on developing an independent verification system in the future. However, companies in the digital advertising industry have a strong incentive to comply with the anti-malware guidelines on their own, as the spread of malicious software hurts the entire industry. Advertisers lose money when they receive fraudulent ad clicks, digital advertising networks miss out on new clients as businesses become reluctant to use them if they fear they will be paying for fake visitors, while consumers become suspicious of any form of digital advertising, which can lead to an increased use of ad blocking software.
Many important players in the online advertising industry have agreed to participate in the program. These include RocketFuel, Google, AppNexus and OpenX. More are expected to join in the next few weeks.