About Us Membership Resources OTA Members Login

Anti-Malvertising  l   Data Breach   l   DNSSEC  l   Email Authentication    I    EV SSL Certs   l    Messaging Ecosystem Security 

ANTI-MALVERTISING RESOURCES

Tools & Resources          Press Release         News & Headlines             

Malvertising is the cybercriminal practice of injecting malicious or malware laden advertisements into legitimate online advertising networks. It can occur through deceptive advertisers or agencies running ads or compromises to the ad supply chain including ad networks, ad exchanges and ad servers.  It is a growing threat to the integrity of the ad supply chain and vector to distribute malware to unsuspecting users.  A malicious advertisement exhibits behavior including, but not limited to, conducting a drive-by-download, delivering deceptive downloads such as fake anti-virus pop-ups and/or redirecting the user to sites that the user has not elected to visit.

Today, cybercriminals are increasing the distribution of compromised ads to an expanded set of web properties with the potential of exposing millions of users daily.  In 2010, it was estimated nearly 10 billion ad impressions were compromised by malvertising.  Web sites, ad network and users need to be made more aware of the threat, as by just visiting websites that are impacted by malvertisements, users can get infected.

In July 2010, OTA formed a cross industry working group to share data and develop best practices to counter this growing threat.  The goals include:

  • Develop and promote voluntary best practices and guidelines

  • Develop standardized metrics, report and facilitate data sharing and collaboration with industry and law enforcement

  • Advance technical counter measures and solutions to help detect, mitigate and block threats

  • Protect the vitality of advertising supported online services

Anti-Malvertising Guidelines Released (pdf) - Reaching broad consensus with over 35 members of the taskforce OTA released the voluntary guidelines to help combat these threats. The ad supply chain is under attack and it is incumbent on all stakeholders to take reasonable steps to help protect consumers and the reputation of web sites from harm.  Real harm is occurring and millions of users are being unknowingly exposed to malware by simply visiting trusted sites.  OTA is calling on the security, business and interactive advertising communities to work together to help protect consumers from the harm. 

Malvertising Overview - Presentation overview of the fundamentals of the threat and anatomy of malvertising. 

 

Revised March 24, 2011