It was worth to invest so much time and resources to be named as one of the “cleanest” ad platforms in digital advertising industry. PixFuture was nominated as “cleanest” ad platform of 2014 by LastLine – an advanced malware protection company. LastLine has performed large-scale study of ad platforms investigating the safety of 600,000 ads on 40,000 websites.
“As you’ll see in the charts below, six ad networks tied for “cleanest” with 100% benign ads served and 0% malvertising for the duration of the study: AdRoll.com, AdFox.ru, 24-Ads.com, Adscale.de, Pixfuture.net and RedIntelligence.net. CPMStar.com, Doubleclick.net, Adition.com and Amgdgt.com round out this list of cleanest ad networks.”
==============FULL ARTICLE FROM LASTLINE===================
Last week at IMC Vancouver 2014, cyber-security researcher Apostolis Zarras of Ruhr-University Bochum presented a research paper entitled “The Dark Alleys of Madison Avenue, Understanding Malicious Advertisements” that he co-authored along with other researchers including my fellow Lastline co-founder Christopher Kruegel and myself. For this paper, we performed the first large-scale study of ad networks that serve malicious ads or “malvertising”, investigating the safety of 600,000 ads on 40,000 websites.
The malicious 1% of ads served
Ultimately, we measured that on average 1% of served ads were conduits for malware. When multiplied by the millions of ads served every day, that is a sizeable number. Interestingly, entertainment and news websites hosted more malvertising than adult websites. This widespread proliferation of malvertising through unsecured or undersecured ad networks on mainstream websites is a serious threat to both Internet users and the Internet economy.
Below, we provide some statistics generated from what we observed. A few caveats are necessary. First of all, this data reflects a specific window of time. When malware and cybercrime is involved things change fast, as the miscreants try to avoid being detected and blocked. Second, our “oracle” (i.e., the tool which indicates if an ad is associated with malware or not) is Wepawet which is a good system, but not a perfect one. Therefore, both false positives and false negatives are possible, even though we have tried to aggressively minimize our false positives, at the cost of some false negatives. This means that these results represent a “lower bound” on the phenomenon (in layman’s terms: things are probably worse than we report here).
Which ad networks have the most malvertising?
We crunched some numbers from the data sets from the study and have identified the top 10 dirtiest and cleanest ad networks, based on the proportion of malicious vs. benign ads served. As you’ll see in the charts below, six ad networks tied for “cleanest” with 100% benign ads served and 0% malvertising for the duration of the study: AdRoll.com, AdFox.ru, 24-Ads.com, Adscale.de, Pixfuture.net and RedIntelligence.net. CPMStar.com, Doubleclick.net, Adition.com and Amgdgt.com round out this list of cleanest ad networks.
Looking at the top 10 dirtiest ad networks, there is one clear malvertising network standout: Tapad.com. A full 38% of the ads served through the Tapad network appeared to contain malware.
Malvertising can be prevented in modern browsers by using the sandbox attribute of iframes in HTML5, which can protect those who click on ads from link hijacking (the most common vector for malvertising in our study). Unfortunately, not one website we looked at used this attribute to protect its users.
As stated in the paper presented in Vancouver last week, “one of the greatest and most prevalent cyber-threats facing marketers, advertising and creatives is malware.” When you consider how pervasive malvertising is based on these findings, it could be one of the greatest threats to the Internet as we know it. Thankfully, there are clear steps that can — and should — be taken today to stamp out malvertising.