Mainstream Media Finally paying attention to Malware Advertisements on Exchanges? Why have they been ignoring it until now?
Someone sent me this week an article from MarketingVox, an interactive advertising blog that referenced an article on Wired Magazine that proclaimed Amorize a security firm of some sort, found that DoubleClick was distributing malware via its exchange. According to the article the firm had “Alerted” DoubleClick to this problem, and DoubleClick acknowledged this threat and did something about it. This really irks me that Wired wrote an entire article dedicated to this, because this is not a one-time problem but instead a problem that occurs on a daily basis in the industry with little or no coverage from the media, mainstream, industry-focused or otherwise. This is because many of the companies involved are blatantly lying about the issues that they face and ignoring the growing threat of malware and other frauds in their exchanges.
I have a large media list that I often contact regarding serious issues, including MarketingVox and Wired. However, despite sending entire reports that layout the fraud issue in the industry, showing them malware and other issues, the media in general does not want to report these issues. In fact, most members of the media have come back to me and made it clear that reporting malware fraud in online advertising isn’t that interesting, and they’d rather cover things like WikiLeaks. Those in industry media have told me similar things, but some of them have made it clear that if they report that a network has malware problems, they risk losing advertising dollars and would rather publish fluff articles about pixel tracking and privacy issues because its “safe” to talk about right now.
Worse than this, companies like Google’s DoubleClick exchange have basically ignored emails sent to them when I inquire about malware that I catch on the system, and have refused to assist in any investigations regarding this. I have not once received a single email from someone at DoubleClick regarding my inquiries into frequent issues on the exchange, despite the fact that I was personally involved with the creation of this exchange. They had no problems hiring my company to help them create the exchange, but now since they have sold to Google, they want to ignore what is a growing issue and problem with them and other exchanges.
While the media is concentrating on ridiculous articles that claim that pixels are somehow stalking users, the industry has basically hidden one of the growing threats to interactive advertising. As more and more companies get on exchanges, as more and more people are desperate for advertising dollars, scammers have learned that they can always fool some newbie on an exchange to put up malware. Even worse, many of these companies on the exchange, I believe are complicit in many of the scams (from popups, to malware) because of the enormous amounts of money they sometimes make. There are networks that I have identified, that Ben Edelman has identified over and over again as the main perpetuators of malware, pop-ups and other fraudulent forms of advertising – yet the exchanges have done little or nothing to remove these networks off the exchanges.
It’s simple: despite years of my coverage and pushing exchanges and other networks to make significant changes in the way they handle malware and fraud issues, the media hasn’t covered it. Many of the fraudulent networks that are on these exchanges are paying huge fees to the exchange, propping up the prices and paying their bills – so there is no reason to “catch” them. They shut off the ads, tell the offending network they’ve caught something, over and over again. Those networks continue to allow questionable advertisers into the exchanges, and nothing changes.
I ask readers what needs to be done to get these exchanges to start making changes that positively affect our industry instead of ignoring these issues?
One Response to “Mainstream Media Finally paying attention to Malware Advertisements on Exchanges? Why have they been ignoring it until now?”
Leave a Reply
(C) 2010 Pace Lattin. It is the policy of this blogger to not edit or remove any content and comments, unless it is specifically attacking a protected group or irrelevant to the conversation, such as a spam. These are the OPINIONS of the respective writers, posters, commentators. All DCMA Notices shoudl be sent to pace@pacelattin.com
Excellent article! We’re taking a different tact. For example, even if an ad is ok ‘one day’ the next the sites landing page may become infected (on purpose or accidently).
This is why we’ve developed our openx adserver malware scanner plugin. Currently in alpha-stage we hope to release this in the coming weeks.
As well, our scanner actually tests the page as a user (that is, executes the js, follows the ads, etc.) looking for malware.
For any site owner, the worst thing (which we see very often) is the site owner displaying malwared ads – without their knowledge. Thats bad enough. Worse yet is if the friendly googlebot comes by at that time, you’ll get blocked and placed on the badware list. Yes, even if it was adsense ads displaying.
Nice huh.