Malvertising in Native Ads
The popularity of native ads continuous to grow, with increasingly more publishers accepting the well-liked format. In fact, native ad adoption is expected to reach 41% in 2017. But while publishers are aware of the benefits of the ad format – they are less aware of its risks and the high costs associated with bad native ads, especially those containing malware. Here we will dive into what native ads are and look at those risks.
Native Ads 101
So, native advertising – by definition is: “a type of advertising that matches the form and function of the platform upon which it appears”.
In general, it would mean that the user’s experience will be natural, clean, and not intrusive.
Today, there are 6 main units in native advertising –
• Social in-stream units • Paid search units • Recommendation widgets • Promoted listings • In-ad units • Custom units
Social In-Stream Units
These can be found in Twitter’s Promoted Tweets and Facebook’s Sponsored Posts. They merge seamlessly into the feed and can only be identified by the word “promoted” or “sponsored” next to the ad.
Paid Search Units
This type of native ad applies to search results, such as the ones that we see on Google, Bing, Yahoo, etc. They are all actually paid advertisements marked as “ads” allowing the user to understand that they are indeed paid Native search units, and not a regular generic search engine result.
These usually appear at the bottom of a web page, under the heading “From around the web” or “You may also like…”. These ads are usually driven by third-party publishing platforms. Widgets usually promote a list of related articles – so that the ad (whether image or textual) merges nicely with the regular content of the page.
This kind ad can be found on eBay, Amazon, FourSquare, etc, showing promoted product listings on shopping sites.
An in-ad is a standard IAB container that holds contextually relevant content and relevant links to an offsite page. These are used today by Federated Media, Martini Media, and more.
A custom embedded ad located within a product, with specific unique measurements. These could be within a website or app. These are used today by Spotify, Pandora, Hearst, Tumblr and many more.
Now that we know which units to use & we applied all ethical aspect to our ads, We need to know how the technical implementation works.
There are three main types of Native platforms.
Here brands promote their own content (or branded content) on their own their own websites. The risks here are minor and as in any closed environment, the control is high.
The content of native ads comes from outside the particular website or app, and is distributed over multiple sites by a third party vendor. There are many risks with these platforms and having one might create many unknown risks due to the ads or the final landing pages presented to the users.
The native ad content of the hybrid platform is applied in a programmatic manner, where advertisers can bid on the inventory via Direct Sales or Real Time Bidding.
The following 3 options above shows us that there is indeed a risk when planning to work with Native ads. We will now focus on the Open & Hybrid options – as they have the most high risk issues.
Lack of Publisher Control
Since publishers relinquish control in Open and Hybrid platforms, these present the highest risk. • In these platforms, the ad unit is powered by a script that’s generated to handle all the targeting parameters. The publisher has no control over these parameters, which may affect the ad presented to the user.
• All of the data that applies to the related content is hosted on servers that belong to the publishing platform’s ad servers.
• Much of the content that is seen is actually hosted by content recommendation engines, which again does not allow any control by the publisher.
• With full Real Time Bidding (now entering Native), the Open and Hybrid platforms do not allow any publisher control.
Despite all these problems, there are still many positive reasons to employ Open and Hybrid platforms: you get ads that are targeted to your users, the RTB and Programmatic methods used enable high revenues for the publisher, etc. But with all the benefits – the publisher is still releasing control, and this may result in serious risk issues.
Security Threats from Native Ads
Today, most security threats from native ads are post-click (the action/activity taking part right after the user is clicking on the ad).
Let’s review the risks we see today –
Delivery Path Corruption
With Delivery Path Corruption the click URL, which indicates the redirect that the user will go through, is changed to affect the end point. The user will then see a totally different end location and totally different Landing Page.
Landing Page Hijacking
In Landing Page High-Jacking cyber-criminals use automated tools to discover third party Landing Pages in Native ad campaigns. They then physically infect these Landing Pages with a virus. The users will later visit these infected Landing Pages.
The attacker builds a legitimate campaign and presents it to a Content Recommendation Engine. The campaign is checked, reviewed, and approved by the Native platform. It goes live and runs on publisher sites. But after a couple of days, the attacker activates the malicious code, and from that point on, every user is infected.
These infections could be:
• Phishing attempts • Drive-by downloads • Trojan horses • Ransomware
Similar to a Manipulated Attack, but more sophisticated, is the Targeted Attack. Here, the same method is applied, but the attacker targets only specific users. These users may be specified by IP, geo-location, browser type, or other criteria.
For example, users seeing a specific Native campaign via the Chrome browser in France would have no problems, while users from Canada using Firefox, that saw the exact same campaign, would be targeted based on their geographical location and browser. This is simply a more dynamic way to attack specific users.
GeoEdge and Native Ads
GeoEdge offers comprehensive malware protection for native ads. We scan ads or codes in order to identify any malicious activity in Native Ads – whether they be dynamic security threats or softer threats impacting the user experience.
Speak to us about protecting your sites and users from native ads, and be sure to sign up for our next webinar, “Optimizing Video Ads for Better User Experience.”