How Ad Agencies Prevent Driveby Malware Ads

On of the most effective ways to distribute malware to unsuspecting users is to poison the advertising banners used by some of the most popular websites on the Internet. The malware author’s ad would take advantage of local browser weaknessses to inject trojan software or otherwise compromise the system. If a malware author could get his malware to be delivered to everyone visiting Gawker for instance, it could represent thousands of compromised systems before anyone could react and remove the ad.

When malware authors first started using this metholdology, many of the ad agencies each had to learn the hard way that advertisers weren’t always who they claimed they were. Lots of background checks were put into place to prevent these criminals from placing bogus infected ads- credit checks, investigation into domain registration, business history, references- and still some bad guys kept breaking through.

Many ad agencies had their reputations thrashed because they unwittingly enabled the compromise of thousands of systems, so it was in their best interest to protect the cyber community by vetting their clients as well as they could.

This article here at MediaPost provides a great web advertising insider’s account of dealing with very clever malware authors who were creating shell companies specifically so they could get their ad banners on their ad network.