Tag: malware

Posted on

Applications Up by 75% for TAG’s Online Media Verification Program

The Trustworthy Accountability Group (TAG) has released inofmraiton about the number of applications for registration over the past few months, and things are looking good. Brands that are accepted into TAG are recognized for their efforts to stop ad fraud as well as fighting digital crime.

The report found that there was an increase of more than 75% in the last three months for applications for verification, bringing the number to more than 350. Applications are coming in from 26 countries across six continents.

A prerequisite for participation in TAG’s multiple seal programs, TAG Registration verifies that companies are legitimate participants in the digital advertising industry. After a proprietary background check and review process powered by Dun & Bradstreet and subsequent approval by TAG, companies can be verified by name – or by their unique, persistent TAG-IDs – in the TAG Registry.

Mike Zaneis, CEO of TAG says, “In less than three years, TAG has established itself as the preeminent global organization fighting crime and increasing transparency in digital advertising, and we are aggressively building out TAG’s staff and infrastructure to support our growing program and member needs.”

“The fight against criminal activity in digital advertising requires deep knowledge of technology, advertising, law, and policy, and our new team members have strong backgrounds and deep expertise in addressing those complex and interrelated topics,” continued Zaneis. “We look forward to working with Michael, Bonnie, and Dominique as we create a safer, more trustworthy, and more transparent supply chain for all participants in digital advertising.”

Earlier this month, TAG awarded its first set of “Certified Against Malware” Seals to nine companies that have implemented TAG’s rigorous anti-malware standards. The initial recipients of the Seal include AppNexus, DataXu, Google, LKQD, OpenX, Publishers Clearing House, Rocket Fuel, Sovrn, and The Media Trust.

Posted on

NoTrove Malware is Killing Ad Network

According to RiskIQ, a new malware is seriously damaging the advertising industry, and ad networks have no idea how to really combat it.

William MacArthur, a threat researcher at RiskIQ said, “NoTrove harms not only visiting users, but also legitimate advertisers, adversely affecting those reliant on the credibility of the digital advertising ecosystem such as online retailers, publishers, and networks. Constantly shifting infrastructure means simply blocking domains and IPs isn’t enough. We must now begin utilising machine learning to leverage human security teams who increasingly depend on accurate, automated scam detection.”

Put simply, it is the person behind the most effective scam network yet discovered. It has been active since 2010 but has managed to remain off the radar of security vendors for most of that time. RiskIQ claim that it is responsible for millions of scam ads across the Internet. In the press release RiskIQ states: “NoTrove was so effective that one of his pages ranked as the internet’s most visited pages for one day.”

NoTrove runs a vast web of Internet domains. These are created and removed automatically over short periods of time. This countermeasure makes it hard for security companies to spot and produce tools to block. Each domain has its own infrastructure comprising another set of domains addresses focused on different scams. The report from RiskIQ says that these range from promotions to prize draws, surveys to free software.

They are then displayed on unsuspecting websites through a variety of methods. This might include poor website management or using hacked credentials to take over a website. More effective is the breaking into established advertising networks and using them to place ads on thousands of small business websites and blogs. In February RiskIQ reported that advertising networks from Google, AOL and Rubicon were among those hacked into. This allows malvertising from the like of NoTrove to be placed on large numbers of websites including those of very large companies.

The ads are constantly refreshed as another countermeasure to stop them being spotted. Once a user clicks on an ad they are redirected to where NoTrove wants them.

In some cases the malvertising is looking to harvest data from users machines. In others, it will install small programmes that are used by a range of cybercriminals. It might be to install malware or deliver more fake advertising.

The big bonus here is defrauding companies out of money for displaying adverts. Most advertising on the Internet relies on traffic. NoTrove generates vast amounts of network traffic. That traffic is then sold to third parties, some of whom use it to inflate the numbers of hits for real adverts. This then means that the advertisers pay out per ad view or impression. Although the amount per impression is typically very small, the number of fake hits are high enough to make this valuable.

There is another side to this. The number of adverts that are irrelevant to users is increasing. This has led to a breakdown in trust between users and advertisers. More importantly it has created a large growth market for ad-blockers which have a significant impact on some websites. If users are blocking ads then the website doesn’t get paid as the ad isn’t viewed. This has forced some websites to limit the content users can see if they are using an ad blocker.