Online Trust Alliance says it confirmed incidents of malvertising on 3,500 sites and 200 unique ad networks.
More than 10 billion online ad impressions served up in 2010 carried malware, according to recent research from Online Trust Alliance. The organization, dedicated to establishing best practices for ensuring data privacy and security online, argues that delivery of ads transferring malicious code could be prevented if ad networks and other ad third parties took care to know their business partners.
The organization estimates most of the malvertising served last year came in the form of display ads, and many of the ads emanated from outside the U.S. Based on aggregate data from ad serving firms, OTA reported in December that it confirmed nearly 19,000 incidents of malvertising last year occurring across 3,500 sites and 200 unique ad networks.
To arrive at its estimate of 10.8 billion bad ad impressions, the group estimated the number of impressions that ran on average per incident in a typical three-day period - the average number of days a malvertising campaign runs before it’s discovered and stopped. Ads carrying malicious code usually enter through unverified ad agencies submitting them into the supply chain. "Legitimate advertisers are being compromised; they're a victim as well," said Craig Spiezle, executive director of the OTA.
"Every major ad network, whether it's Yahoo, Microsoft or Google, has experienced this," said Spiezle. The group calls malvertising a low frequency but high impact security problem. While Spiezle acknowledges the yearly estimate of 10 billion malvertising impressions is miniscule compared to the number of ad impressions that run online in total, he said the estimate is "very, very, very conservative." ComScore measured around 417 billion ad impressions in September 2010 alone. "The last thing we want is for consumers to be fearful of the ads," added Spiezle.
Typically, the bad ads carry code that captures the "fingerprint" of a user's machine, determining what software it's running, tracking key strokes, and grabbing logins and passwords. "For a machine that's exposed to this and is unprotected, anything is fair game," said Spiezle.
"We know it's well over 10 billion" impressions, said Spiezle, adding, "The challenge is this is a moving landscape." The OTA will discuss the research findings at the RSA security conference in San Francisco Monday.
Spiezle said the OTA does not know how many malvertising impressions have been intercepted by browsers or security software.
The OTA, a group founded in 2004 that counts around 80 different companies including eBay, Chase, Symantec, Microsoft, and even the U.S. Senate and U.S. Postal Service as members, publishes scorecards rating adoption of best practices by entities dealing with online data.
"This is an industry-wide issue.... This could really impact consumer trust and the vitality of interactive advertising as we know it," Spiezle said. "The supply chain was not built with a security goal in mind."
Want to learn more? Join us at ClickZ Live New York 2015
[ALERT] Super Saver Rates Expire January 30. With over 15 years of experience delivering industry leading events, ClickZ Live brings together over 50 expert speakers to deliver an action-packed, educationally-focused agenda covering all aspects of digital marketing. Quick! - Register today to secure your place at the best rate.
Kate Kaye was Managing Editor at ClickZ News until October 2012. As a daily reporter and editor for the original news source, she covered beats including digital political campaigns and government regulation of the online ad industry. Kate is the author of Campaign '08: A Turning Point for Digital Media, the only book focused on the paid digital media efforts of the 2008 presidential campaigns. Kate created ClickZ's Politics & Advocacy section, and is the primary contributor to the one-of-a-kind section. She began reporting on the interactive ad industry in 1999 and has spoken at several events and in interviews for television, radio, print, and digital media outlets. You can follow Kate on Twitter at @LowbrowKate.
Singapore, 5-6 March
Bangkok, 17-18 March
Hong Kong, April 2015
Google My Business Listings Demystified
To help brands control how they appear online, Google has developed a new offering: Google My Business Locations. This whitepaper helps marketers understand how to use this powerful new tool.
5 Ways to Personalize Beyond the Subject Line
82 percent of shoppers say they would buy more items from a brand if the emails they sent were more personalized. This white paper offer five tactics that will personalize your email beyond the subject line and drive real business growth.
January 29, 2015
1:00pm ET/10:00am PT