Malvertising and Malware Prevention

Are your ads effective? 
Or destructive? Protect your customers and your brand from malvertising.

There’s nothing like an online ad for offering quick discounts, getting the word out about a product, and driving traffic to a website. But more and more, online ads are being used by cybercriminals for fraudulent purposes, to spread viruses and spyware. Malvertisements – malicious ads placed on legitimate websites – can look just like real ads, and users don’t even need to click on the ad to become infected. With The Online Trust Alliance (OTA) estimating that nearly 10 billion ad impressions were compromised by malvertising in 2012, it’s easy to see why companies need to be on high alert.

How does malvertising work?

Cybercriminals often spread malware by posing as a trustworthy company and placing “clean” ads on trusted sites. Eventually they attack by inserting a virus or spyware in the code behind an ad. After targeting millions of users, they remove the virus, making it difficult to trace. Cybercriminals also hack trusted sites and inject viruses into existing banner ads.

Why aren’t malvertisements caught?

The simple answer is lack of visibility. Because many publishers and ad networks contract out to third party ad providers, which may outsource to others, advertisers don’t have full control over security practices. With this highly insecure ad supply chain, one weak link can take everyone down. In addition, malvertisers often mount their attacks over the weekend, when IT departments are slower to respond.

Take steps to secure your mobile apps today

With the constantly evolving mobile landscape, it’s imperative to keep a pulse on your mobile app presence to ensure compliance and protect your brand. Here are three keys for gaining visibility and control over your mobile assets:

1. Discovery:

Scan app stores for known apps and apps on the open web. In addition to the Apple App Store and Google Play, include secondary and affiliate stores in the discovery process. Build a continuous inventory of your apps and rogue apps that could be targeting you. 

2. Continuous Analysis:

Continuously monitor your mobile apps and mobile app stores for malicious and rogue behavior and protect your customers from apps that impersonate your brand. Deploy automation that mimics user experience and will continuously discover your apps, determine if apps are hacked or have changed from a reputational perspective, and identify malicious or rogue app behaviors.

3. Alerting:

Implement an alert system that’ll inform you of suspicious activity for rapid enforcement and damage mitigation. After receiving an alert, determine whether to enforce company policy and laws and take down the application, continuously monitor the application (it could be a minor issue today but a major issue tomorrow), or dismiss it – no harm, no foul.

Fight malvertising and protect your brand name with RiskIQ for Ads

With a proactive approach, you can empower your team to take immediate action to identify and remove malicious malvertisement hosts and advertisers from
your network or publisher website and minimize the threat to your end users. The solution is RiskIQ™ for Ads. This cloud-based service intelligently and continuously scans and tracks advertisements as they traverse through the ad supply chain to detect existing and emerging threats and stop malvertising in its tracks.

Who benefits from using our solution?

  • ​Ad Networks avoid loss of business and trust from web publishers, lower liability risks from downstream publishers or their users.
  • Ad operations teams get real-time incident alerts that provide complete data trails to allow them to take action on illegitimate ads.
  • Publishers benefit from early warning detection of malvertisements to reduce brand and reputation erosion.