How Publishers May Guard Against Malvertising

Malvertising, defined as the use of online advertising to spread malicious software (aka “malware”), is a damaging occurrence in online advertising. A malicious advertisement is one that is able to infect a user’s computer with malware.  Malvertising tends to be rare in frequency, but its consequences can be destructive; publishers and infected users alike expend significant time, effort, and resources in removing malware.

Malvertising often takes the form of an ad that looks like a regular ad, but may contain code that infects the user’s computer directly, redirects the browser to a malicious website, or makes computers vulnerable to other malicious software. A user may either see advertising that is offensive in nature, of adult content, contains content atypical of the publisher, or the user may be duped into downloading malicious software. A common malvertising trick is an ad that launches a fake virus scan that indicates that your computer is infected and encourages the user to download and/or purchase a tool to remove the infection. That download is itself malicious, and further launches other infections and viruses.  For instance, in 2009, a malicious banner ad on the New York Times attempted to social-engineer site visitors into installing a fake antivirus tool that then tried to get users to pay money to fix problems it claimed to have found.

Other malicious ads are more subtle; they look like regular ads, but they act stealthily in the background of a machine and can only be detected by running legitimate virus and/or malware scanners or other special software.  The malicious advertisement may infiltrate a user’s computer and try to obtain private data from it, or it may use the compromised computer to send out spam messages or participate in other illicit online activities

A very common way for a site visitor to see malvertising occurs when a user with an already infected machine visits a website. The infected machine may then hijack legitimate ads on the website and cause the user to view ads that were not directly or indirectly sourced from the site/publisher. In those instances, the infection is a local one associated with the user’s local machine, and can primarily be removed by the user running an antivirus or antimalware scanner to remove the local infection.

Users can try to reduce the likelihood of their local machines being infected by doing one or more of the following: (a) always updating their installed software when prompted to do so (b) using reliable anti-virus software (c) installing a software firewall solution or making sure the default firewall is activated (d) using a safe browser such as Mozilla Firefox or Google Chrome and tightening browser security settings. (e) avoiding the installation of web browser “toolbars” (f) avoiding peer-to-peer file sharing programs and (g) practicing safe browsing techniques such as not clicking on suspicious links and/or attachments sent via email or spread via social networks, and avoiding illegal or unsafe websites (such as those with gambling or adult content) that are more likely to contain malware and lead to a computer being infected.

There are two other ways in which malware could be placed on a publisher’s site:

a)      From ads that were directly sold by the publisher. A malicious organization or criminal syndicate may disguise itself as a reputable one and place a media buy directly with a publisher. Typically, these are first-time buys, and are presented as short term campaigns that run a few days at most, and are often placed at the last moment to go live with extremely short notice.

b)      From third parties such as advertising networks and exchanges. Many sites use code received from advertising networks, exchanges, or other third parties. On occasion, these sources of third-party revenue may also be themselves compromised by malware or by not completely vetting the source of their ads. With the rise of real-time bidding, the automated buying and selling of online advertising also makes malware more likely to slip through.

Another trick is for malware authors to launch their attacks on Saturdays or Sundays (or holidays), assuming that, during those time periods, ad operations and/or technical teams are away from the office or will take longer to respond to malware attacks. This presumably gives the malware a longer window of time in which to infect more computers.

It is important that publishers take proactive steps to try to prevent their sites from serving as an unintended source of malware and malvertising.

A basic preventive measure is to use a good ad server to manage online advertising. For instance, this article outlines how Google’s DFP Small Business ad server scans creative to detect and respond to malvertising. For simple types of malware, most ad servers have tools that constantly scan all creative in order to detect and disable malware. These scanners may not catch 100% of all malware, or may fail to detect more sophisticated activities, but they do serve as a basic line of defense. Also, before allowing any ads to be launched, publishers should perform creative QA by scanning Flash (.swf) or JavaScript files, either manually, or by using sites such as Ad Ops Tools that provide malware scanning tools.

Another preventive method is for the publisher to thoroughly vet all advertisers and agencies with whom they work to ensure that they are reputable and legitimate companies.  Occasionally, malware authors pretend to be associated with legitimate and well-known ad agencies. In other instances, malvertisers create fake ad agencies that pretend to represent legitimate clients. As such, publishers must perform background credit and reference checks to not only ensure that a business partner is financially sound, but also to safeguard against malvertising. While relying on reputation-based systems is not solely adequate (due to the dynamic nature of the internet and the ability of criminal organizations to present convincing fake documentation), it is nevertheless a good basis for guarding against malware.

Publishers also need to ensure that any security holes discovered on their sites are quickly plugged, and that their advertising networks, exchanges, and any other third parties are performing their own due diligence with their business partners and also undertaking comprehensive creative QA. Due to the large number of transactions that occur with third parties, there is some loss of control, but all these third-parties should work internally and externally with publishers to prevent malvertising.

There are a few other ways to prevent malvertising. This series of articles from Google’s Anti-Malvertising site outlines detection methods for publishers, ad operations teams, everyone else, as well as common steps to take if malware is suspected on a local machine.

Google also offers a safe browsing diagnostic tool that can be used as a quick malware check on a website. It is not a comprehensive diagnostic, but the tool may be used as a way to quickly check a site for safety.

To use the tool, just append the site in question’s URL to the end of “” (quotes not included).

For instance, to test the malware status on NPR, you would enter . Google then returns four pieces of information about that site:

(a)    The current listing status of a site, including whether the site is currently suspicious, and whether it was listed for suspicious activity in the last 90 days

(b)   The last time Google analyzed the site, and what then happened. There will also be some details about any suspicious activity that was found, as well as the name of the host where the site is located.

(c)    Has the site acted as an intermediary in enabling the distribution of malicious software in the past?

(d)   Has the site hosted malicious software in the past?


The rise in the use of mobile devices such as smartphones and tablets also represents another growing source of malware infections.  Social networking platforms represent another common mechanism by which malware infections can spread, particularly on popular platforms such as Facebook, Instagram, and Twitter.  Malvertising is only one mechanism for inserting malware into local machines and network systems, but its frequency can be reduced. Publishers need to take this threat seriously, educate themselves, and develop policies and procedures to prevent, detect, and remove malvertising whenever possible.


Growth in Mobile and Hyperlocal Sponsorship

It’s no news that mobile is on the rise. Audiences are consuming more information on their smart phones and tablets than ever before. This trend is already affecting where audiences turn for radio programming. Around 45% of mobile users listen to radio on their device logging 12 hours a week on average.  A majority of this audience is using Pandora and IHeartRadio, but the public radio audience is surely making similar adjustments to the way they consume information.

In a recent study, researchers found that mobile users say they consume more hyperlocal information because they have a tablet or smartphone. Not unexpectedly, mobile advertising in local markets is expected to increase to $9 Billion dollars by 2017. A lot of that will be search based but around $2.7 Billion is expected to be display. This information only solidifies what we already know: mobile engages local audiences and brands want to reach them.

Further bolstering the future of hyperlocal advertising is the IAB’s release of its official creative guidelines for mobile. For smartphone display, the dominant unit is the 320×50. These standards have already been somewhat established, but IAB’s endorsement offers legitimacy. You can view the guidelines in full here.

StreetFight Magazine has a great webinar on how media buyers buy hyperlocal. I highly recommend checking it out. As more stations develop mobile applications and mobile websites, the opportunity to monetize those assets through local digital sponsorship will follow.

National Public Media already supports mobile ad trafficking for stations through PMI Ops. We anticipate demand for this will increase in the near future and encourage any stations interested to reach out for more details.


PubMedia Link Roundup 04/05/2013

Increasing Viewability On Real-Time Ads

AdConductor is partnering with RealVu, an ad verification technology company, in order to enable viewability metrics on real-time bidding within their platform. According to RealVu, A “Viewable Impression” officially occurs when the ad content is loaded, rendered and at least 50% of the ad surface area is within the visible area of a viewer's browser window on an in focus web page for at least one second.” A 2012 comScore study of 12 premium national advertisers that included Allstate, Ford and Kellogg’s found that 31% of online ads go unseen by users. Coupled with the increasing shift towards programmatic buying and real-time bidding, this is a sign of progress in moving towards viewable impressions as part of the 3MS standard, as well as validating the growth of programmatic buying.

Facebook's Home on Your Phone

This week’s major announcement from Facebook had to do with a Facebook Android app that acted more as a Facebook layer, skin or OS on a standard Android phone.  This announcement prompted a deluge of media analysis. Among others, both CNN and GigaOm worry about the privacy implications of having Facebook aware of every action taken on a user’s phone. Wired was enthused about the integration between Facebook and Android. Wall Street analysts also had some thoughts. And, lastly, here’s an FAQ from Time’s Harry McCracken.

Thrillist Brings In Digital Publishing Vet Anderman To Steer Native Ads, Mobile

Yet another arrow is fired in the buzz around native advertising and mobile. From AdExchanger comes news from, which has brought aboard a digital sales veteran to execute on native advertising and to bring content and marketing more closely together. As such, Thrillist jumps on board the  native advertising bandwagon publicized by organizations such as Buzzfeed and, and that has become one of the faster growing sources of digital revenue.


Lessons from Street Fight Summit

We just got back from Street Fight Summit (#sfsnyc on twitter), an annual event organized by Street Fight, a trade organization that presents research, news, and  information on hyperlocal online publishing, journalism, ecommerce, and technology.  The conference itself was a two day affair, from January 15 to the 16th in New York.

Four Things We Learnt from Street Fight Summit:

a) Search continues to remain important. And especially, smarter and a more contextual search that combines who, what, and where to present a more personalized set of results to the user. In that context, geographic and mapping data should be merged with search to present a social set of results. As panelist Aaron Rudenstine of CityMaps remarked, “Maps should be more social, I should be able to subscribe to places and have conversations on maps”. Hyperlocal publications that take advantage of context and search will gain engaged users, and more opportunities for ecommerce and revenue. According to Rudenstine, a local company city map would take advantage of technology, community, and social media to be able to browse and search, be dynamic, live, and in real time, be personalized, and lastly, be social.

Similarly, Tim Reis, head of mobile and social solutions at Google demoed “Google Now“, a personal assistant app that presents the user with the right information at the right time based on data you have already provided Google via your email, calendar, address book, present location via GPS, and so on. For instance, based on your calendar and GPS, Google Now could present you with transit information to your next appointment, telling you which route would be best, and alerting you to traffic conditions. He described Google Now as just one way in which hyperlocal organizations could interact with their own users, by taking advantage of their knowledge of a user's search intentions and presenting an organized social experience based around those intentions.

b) Mobile is coming into its own in terms of ad revenue and capabilities, but, there's still a lot of untapped potential. In a discussion that featured Pandora, Foursquare, and Verve, panelists explored how to use location data to more effectively monetize mobile. As penetration of smartphones and tablets increases, the volume of mobile ad impressions is expected to increase significantly, and some challenges that accompany those increases include issues centered on data accuracy, accuracy of targeting, and native versus display in mobile advertising. Display ads tend to underperform on mobile, so there is a need for an alternative to display advertising that makes better use of the advantages of mobile, on-the-go devices. Nonetheless, native mobile advertising is often difficult for smaller publishers due to lack of scale; in that scenario, display continues to be the easiest source of low-hanging mobile fruit. Given that many mobile devices are “always on” and present at all times,  hyperlocal targeting (based on proximity, latitude/longitude, or zip code), as well as other forms of targeting is an increasingly important data point that needs to be integrated better into local advertising and used more effectively by publishers and marketers alike.

Not only is location used to contextualize ads based on proximity, but as Tom MacIsaac of Verve Mobile noted, it creates a new data set for advertisers to learn more about you and your habits. Whether it’s frequent visits to Starbucks to know you’re a coffee drinker or long hours spent in schools to know you’re an educator, it can all be used to more finely tune your ad experience. He also noted that we should start thinking about mobile as a behavior rather than a technology. Activity on mobile devices is merely an extension

of a person’s digital self, and that inevitably advertisers will move toward buying impressions against specific users without regard to platform, instead of allocating specific budgets to display, mobile, video, audio etc. as they do now.

A separate panel featuring The Weather Channel demoed an ad that was specifically targeted to conference attendees, and was naturally integrated into its weather app results without disrupting the fundamental nature of the app itself. Data accuracy in targeting also remains a challenge. Pandora cited that the most popular zipcode was 00000, while The Weather Channel mentioned that its zipcode data was typically accurate, due to the nature of a weather app. You have to give users a useful reason to entrust you with their data, and make it easy for them to provide it.

c) Compelling content remains an important ingredient in online journalism. In a panel about digital publishing models, three big names in the hyperlocal news world brought their experiences of what does and doesn’t work to the table. Leela de Kretser of DNAInfo, a hyperlocal news startup focusing on New York City and Chicago, both oversaturated markets, noted that traditional keys to success remain the same: your journalists should be top notch and your stories should be compelling. But you also have to take advantage of uniquely digital opportunities like engaging your audience on social media and contextualizing ads based on location and user activity.

Zoh ar Yardeni of The Daily Voice noted his organization focuses more on rural and suburban communities, which poses a different challenge. While the audience is relatively small compared to major market publishers, the engagement level in some communities is upwards of 45%, a reach many advertisers see value in. Josh Fenton of GoLocal24 discussed their focus on smaller markets which they enter and make profitable one at a time. Unlike which entered dozens of small markets simultaneously, GoLocal24 does not expand its reach until its most recent addition is in the green. Through partnerships with traditional media companies they have been able to gain notoriety and expand coverage while sponsored content and brand integration helped them reach profitability.

Despite many different approaches, all the panelists agreed on one thing, sharing stories and establishing a following on Facebook and other socical media sources is key to traffic growth.

d) Daily Deals alone should not be the only or main source of hyperlocal revenue. Daily deals have hit a revenue plateau and there is a need to diversify revenue streams. According to panelist Ian Heidt of Qualcomm Labs, “people check their phones 150 times a day on average – once every 6.5 minutes.” Given the ubiquity and intimacy of these mobile devices, mobile commerce needs to present content and marketing in a smart, thoughtful, and engaging way so as to capture interest and digital revenue from users. Panelists from Gilt City, Groupon, and MobScout were bullish about the future of daily deals, but did caution that consumers do have many choices when looking for online daily deals.

While the daily deal business continues to be the core of the offerings by these companies, panelists also cited the need to expand into other areas of service, from expanding mobile and e-commerce offerings, to spending time also building out products and services for SMBs in their core business, so as to promote loyalty and retainment. Basically, the daily deal space is increasingly saturated, consumers have a great deal of choice, and companies need to offer a clear differentiator in order for both merchants and consumers alike to use their products and services consistently.


PubMedia Link Roundup 01/11/2013

Why It’s Time to Get Excited About Digital Advertising

Despite the challenges around digital advertising, Mashable presents several reasons for marketers and publishers alike to be excited about digital advertising.  The article talks about some of the most important events and trends occurring in digital advertising, including the closing mobile monetization gap, responsive ads, in-stream advertising, native advertising.

 The New York Times’ Plan To Save The Banner Ad

Facing downwards pressure on CPMs due to programmatic buying and an industry-wide oversupply of ad impressions, The New York Times is experimenting with more interactive forms of banner ads.  This is just one of the ideas originating from NYT’s Idea Lab, a team of 10 people whose objective is to think of creative ways to work with advertisers and agencies to come up with more compelling digital advertising content and revenue streams. In this particular iteration, the goal is to have banner ads that are more creative, interactive, and engaging than regular banner ads that are fast becoming commoditized by ad exchanges and programmatic buying.

Making The Most Of A Mobile Video Pre-Roll

Mobile video is becoming an increasing part of online campaigns.  Via Mobile Marketer, while mobile video offers increased engagement potential, a major issue or challenge is that there is a very limited window of time for consumers to absorb the content or a brand’s message contained within a mobile video pre-roll. In addition, certain challenges around measurement and tracking exist around mobile pre-roll. Mobile Marketer encourages advertisers and agencies to combine pre-roll campaigns with other online display and mobile video elements, in order to obtain the best results.