Life would be much easier for the digital advertising community if fraudsters were more blatant with their malicious tactics. Maybe a giant neon billboard with a flashing arrow and words that scream “Forced Redirect and Malware, Next Exit.” But, alas, that’s not the case for publishers and the rest of the ecosystem. Bad actors and their bad ads are far more subtle than that.
That means the ad quality solution you choose to protect your brand, customers, and stakeholders must be up to the task. It’s simply not enough to identify those massive malvertising billboards along the digital ad highway – they should be a given. In fact, through three real-world examples, I’m going to show you some of the most common gaps in the ad quality armor we’ve seen in the ecosystem and discuss what you can do to fill them.
Advertisers think of a picture as a creative asset that engages a customer and propels them further down the sales funnel. But as many publishers have already learned the hard way, danger can lurk in a harmless-looking, diminutive 1x1 pixel.
Steganography is a big word with a potentially sinister underlying meaning for publishers – sometimes, a pixel isn’t just a pixel. What might look like a typical picture file at first is actually a loaded weapon, where fraudsters inject JavaScript code into the image. In other words, either something in the creative or appended to the creative carries the loaded pixel that triggers the malware.
When a user opens a page with this malicious code hiding in plain sight, the code loads and redirects the user away from the intended content and directly into harm’s way. This technique is one of the most extreme ways that a bad actor will attempt to hide their footprint.
Frustratingly for a publisher, the malicious code is essentially under their nose the entire time. However, without an ad quality solution that leaves no malvertising stone unturned, it can easily slip through the cracks and wield its special kind of damage to a brand and the UX.
We all know why content delivery networks (CDNs) are so prevalent across today’s digital landscape. They provide a fast and satisfying UX, even for an audience spread throughout the globe. And to state the obvious, satisfied users are return users, often making CDNs indispensable for serving content quickly and efficiently.
But like many other tools that publishers use to improve the UX and operational efficiencies, CDNs are also susceptible to bad ads, endangering the very UX that they’re meant to bolster and enhance in the first place. By implanting code within an ad that enables malicious behavior at some point down the road – sometimes even hardcoded into the files themselves – fraudsters effectively create a ticking time bomb, biding its time until it can detonate on unknowing publishers and users.
Within any given ad, the bad guys can reference a resource that the CDN serves, therefore avoiding having to use their own domain and giving them the ability to hide or move bad code at a moment's notice. Unfortunately, because the potentially malicious code looks like a benign file, image, or some other harmless piece of data, the ad breezes through the approval process and becomes part of the ecosystem. And then at some point in the future – boom.
Sounds pretty 007, right? That’s because it is. But for publishers, unless you have a multi-headed ad quality solution that can attack such subterfuge from the best angle – sometimes static analysis techniques like blocklists, other times dynamic analysis – you’re exposed to these timestamped weapons in CDNs. And that’s not good.
Lastly, what happens when you have malicious code that’s essentially prescient? Maybe not in the droid-driven cyber apocalypse sense of prescience from sci-fi movies, but self-aware enough to know when the ad it’s hitching a ride on is still under review by an ad server or exchange.
Some code is smart enough to know when to play possum, seeing the templating strings within the ad markup and proceeding down a non-malicious path. Basically, the ad is able to avoid detection during the pre-scanning phase, thereby alluding the grasp of any ad quality solution that solely relies on a scanning service.
But here’s where things get especially tricky. These types of heavily-obfuscated malicious code also slip through many real-time in-browser detection solutions as well, since, by the time it’s out of fingerprinting, the redirection has hidden itself within its own cross domain iframe. And within a cross-domain iframe, behavioral analysis techniques are also inadequate in blocking these highly-evasive malicious ads. That means your ad quality solution needs to have other methods to stop the script from executing.
So does all of this mean publishers should just wrap it up and call it a day? That the fraudsters have ultimately won the ongoing ad quality war with the industry? Of course not. It simply means that you can’t rely on a single-point solution. At least if you want to successfully combat all of the different shapes and colors of bad ads out there in the massive digital world.
The bottom line is this. Sometimes you need a blocklist. Other times, scanning or behavioral analysis is the most effective technique. And if your ad quality solution can’t seamlessly cover all of these bases and more, evolving in lock-step with an ever-changing environment, then you’re asking for trouble.
But that’s why Ad Lightning exists – to provide you with an ad quality partner in the truest sense of the term. We understand that a single tool just isn’t sufficient against such a clever, motivated enemy. At least if you want comprehensive protection against a bad actor’s full arsenal of tricks.
Sure, other providers might claim that their single-point solution is effective against the entire spectrum of malicious behavior out there. But to be blunt, those claims are empty and misleading. Only Ad Lightning gives you the scope of protection you need in this dynamic environment, and we know you and your customers will appreciate the difference.
Boltive Launches New Product Ad Monitor: Revolutionizing Ad Insights with AI-Powered Discovery Engine
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 2: What Regulators Want Us To Do – The Value of Proactivity
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 1: What Regulators Want Us To Know – Busting Common Myths
Go to Post
Text LinkPrioritizing Children's Privacy: Strategies for Ethical Advertising and the Use of AI
Go to Post
Text LinkBusiness Ninjas Podcast - Secure Protection for Advertisers Against Invasive Media
Go to Post
Text LinkBoltive and Slalom Consulting Join Forces to Bolster Data Privacy: A Powerful Alliance Against Emerging Risks
Go to Post
Text LinkAutomating Threat Detection: How Boltive is Harnessing Artificial Intelligence to Reshape Ad Security
Go to Post
Text LinkForbes Article - The Privacy Prescription: Rules Restricting Health Data Use And How To Employ More Holistic Security Measures
Go to Post
Text LinkOur CEO, Dan Frechtling, featured on Leadership Live podcast with Daphna Horowitz
Go to Post
Text LinkWhy Data Privacy is Being Overhauled in 2023: Dan Frechtling featured on the Security Weekly Productions podcast
Go to Post
Text LinkOur Director of Product, Christine Desrosiers, discusses the current state of Ad Tech with Brand Safety Institute
Go to Post
Text LinkGeekwire wrote about the heartening link that brought our CEO and CFO to Boltive.
Go to Post
Text LinkHow do businesses handle more consumer demand for proactive control over their personal information when regulatory bodies are giving them what they want?
Read MoreWith U.S. privacy laws in flux, Boltive's Privacy Guard simplifies compliance and empowers consumers with control over their data.
Read MoreEmpowering Brands and Publishers with Advanced AI Technology for Real-Time Ad Compliance and Enhanced Security
Read MoreLearn how BuzzFeed expanded their partnership with Boltive to protect consumers on their mobile app.
Read MoreReview the latest ad security data gathered by Boltive's Ad Lightning product.
Read MoreFrom ad security to data privacy, discover all of the major milestones Boltive has achieved over the years.
Read MoreCatch up on Part 2 of Christine Desrosiers’s thoughts from IAPP GPS as she dives into What Regulators Want Us To Do.
Read MoreFollow along as Boltive team member, Christine Desrosiers, shares her notes from the IAPP Global Privacy Risk Summit.
Read MoreIn this blog post, we’ll delve into the world of deceptive non-compliant ads discussing how our Boltive AI Engine is helping combat this problem.
Read MoreDiscover how the Boltive Object Identification Engine revolutionizes the way we manage tags and cookies, making manual searches a thing of the past.
Read MoreBoltive and CG Infinity have partnered to provide a data privacy solution in a time where privacy regulations are beginning to really ramp up.
Read MoreDiscover the secrets behind cookies, pixels, and tags and gain a deeper understanding of these tools and how they affect your data privacy practices.
Read MoreAs children and teens become more exposed to the dangers of social media and online advertising, regulators are stepping in to help protect them.
Read MoreCatch up on the latest updates from the ScamClub Active Threat that the Ad Lightning product has identified.
Read MoreExplore Boltive’s use of artificial intelligence in the world of ad security and the ability to quickly identify and mitigate unwanted content.
Read MoreRead how Sovrn Holdings leveraged Ad Lightning capabilities to defend against offensive ads.
Read MoreWith new state regulations around consumer data collection going into effect in 2024, top companies are taking action to ensure they are staying compliant.
Read MoreAre health websites sharing personal or sensitive data? Read this report from Boltive and Consumer Reports on our findings.
Read MoreDetected and blocked a reoccurring redirect campaign impacting 50 domains.
Read MoreRedirect campaign targeting both mobile and desktop users with fake update messages.
Read MoreRedirect campaign spanning almost 1,500 sites over the past 7-days.
Read MoreFraudsters hosting obfuscated scripts on AWS & Yahoo platforms, attempted to deliver malicious redirects to over 300 different domains.
Read MoreThis malicious campaign has two methods of triggering the redirect.
Read MoreReview the ad security data gathered by Boltive's Ad Lightning product in this month's Risk Report.
Read MoreCatch up on the latest Active Threats that the Ad Lightning product has identified.
Read MoreWith the TCF v2.2 being released in November 2023 and an updated GPP coming in January 2024, are you prepared to be compliant with these new releases.
Read MoreBoltive CEO Dan Frechtling joins Kelsey McDonald on the WriteForMe podcast "Business Ninjas" to discuss data privacy.
Read MoreThe new partnership provides customers with the ability to build privacy programs that stand up to growing scrutiny in data privacy regulations and evolving privacy threats.
Read MoreCatch up on the latest Active Threats that the Ad Lightning product has identified.
Read MoreThe Boltive team is leveraging the use of Artificial Intelligence to enhance the way publishers identify and mitigate threats.
Read MoreThough there are laws in place to protect health data, there are many compliance loopholes when it comes to data sharing.
Read MoreThough there are laws addressing Children's Data Privacy, there is much room for improvement to protect them.
Read MoreAd Security threats come in many forms - are you prepared to identify and address them?
Read MoreWith new regulations recently released and more coming, are your privacy programs and technologies ready?
Read MoreIn this More Than a Refresh episode the panel takes a deep dive into Digital Privacy. Join along as the group further explore data privacy regulations and how to best combat non-compliance.
Read MoreBoltive CEO Dan Frechtling joins Intuizi's Ron Donaire on The Data Deep Dive to discuss Boltive and how it fits into the Privacy world.
Read MoreTechnology Council Member and Boltive CEO, Dan Frechtling dives into the evolution of data privacy.
Read MoreChristine Desrosiers, our Director of Product, shares an insightful and informative whitepaper on the current state of privacy compliance.
Read MoreDan talks about his journey from marketing to data privacy. He is on a mission to protect consumers from invasive media. He shares his personal story about being tracked online and how the hyper targeting he was victim of started him on his journey to Boltive.
Read MoreToday on That Tech Pod, Laura and Kevin speak with CCPA & CPRA Co-author Rich Arney and Boltive CEO Dan Frechtling.
Read MoreGiven the uncertain macroeconomic climate, the outlook for digital ad spending is spotty at best. Over the last year we have seen that large advertisers are pulling back budgets, and it’s looking like that will only continue this year.
Read MoreOur CEO Boltive, Dan Frechtling, has been accepted into Forbes Technology Council, an invitation-only community for world-class CEOs, CIOs, CTOs, and other technology executives
Read MoreDon’t miss this episode of Leadership Live where Dan Frechtling discusses loss, leadership, and data privacy – what every CEO needs to think about.
Read MoreGet the scoop about why Sephora was recently fined, and why data privacy is being overhauled in 2023
Read MoreAssuming CMPs are infallible could be detrimental to your data privacy efforts, resulting in broken relationships with your consumers, damaged business reputations, and hefty fines.
Read MoreOur Director of Product, Christine Desrosiers, discusses the current state of Ad Tech with Brand Safety Institute
Read MoreBoltive featured in Quirk's Media article on how to comply with changing data privacy regulation
Read MoreGeekwire wrote about the heartening link that brought our CEO and CFO to Boltive.
Read MoreBoltive's Privacy Guard was recently featured in Consumer Reports
Read MoreWe recently published our 2021 Q2 Malware Recap, so take a look at what has been plaguing website publishers and users this quarter.
Read MoreSix months ago, we partnered with Setupad and replaced their legacy ad quality solution to improve their coverage against bad ads.
Read MoreCheck out our our 2021 Guide to Blocking Bad Ads and Ensuring Ad Quality – a comprehensive roadmap that platforms and publishers can utilize to successfully navigate the frontlines in the battle of ad quality.
Read MoreCheck out our recap of the state of ad quality in Q1 2021
Read MoreWe're delighted to tell you about the significant uptick Ad Lightning has seen in platform partnerships in recent months.
Read MoreWe place so much importance on NPS, I wanted to take a few minutes to explain what it is and how we use it at Ad Lightning
Read More2020 was historic, and I don’t mean that in a good way. But there’s always a silver lining, even in the most trying of times.
Read MoreFraudsters were still up to no good in Q4, relying on everything from old standards to newer malicious horizons as their assault on publishers, platforms, consumers, and stakeholders continued full throttle.
Read MoreAd Lightning's video QA tool maximizes publisher ROI by identifying issues before ads go live. Fast, easy, and effective. Learn more at Boltive.
Read MoreThis is what Ad Lightning is providing to the ecosystem with our Look at the Digital Advertising Industry in 2021 – a prescient, thoughtful, practical group of insights that publishers and platforms can use to successfully navigate an uncertain future.
Read MoreWe take a moment to revisit a handful of topics discussed in our 2020 State of Ad Quality report, how they played out during the year, and look at what publishers can do to protect themselves from the bad guys.
Read MoreWe're going to show you some of the most common gaps in the ad quality armor we’ve seen in the ecosystem and discuss what you can do to fill them.
Read MoreChanges to CCPA Put Retargeting in the Regulatory Bullseye
Read MoreCheck out a presentation our CEO, Dan Frechtling, gave at the recent IAPP conference.
Read MoreHaving a Consent Management Platform (CMP) does not let you off the hook if your partners accidently (or intentionally) expose your customers’ data. You need to ensure information sharing consent is given in 4 key areas or you risk brand and profit damage.
Read MoreOnline ads can violate privacy in a number of ways, learn more about how user data may be at risk
Read MoreUnderstand the ad ecosystem and how Privacy Guard's technology provides tailored solutions to detect and resolve privacy issues.
Read MoreLearn more about how Boltive's new tool Privacy Guard delivers key insights you need to keep your consumer data -- and your brand reputation -- safe.
Read MoreGet an overview of the online ad ecosystem, and how Boltive's new tool Privacy Guard can help keep your consumer data -- and your brand reputation -- safe.
Read More63 of F100 Companies Don’t Meet CCPA Standards, 33 Use Methods That Often Fail
Read MoreDid you know 15-30% of consent opt-outs designed to protect personal data routinely fail?
Read MoreAn interview with Rick Arney, board member of Californians for Consumer Privacy (CCP), and co-author of CCPA and CPRA
Read MoreAn interview with Rick Arney, board member of Californians for Consumer Privacy (CCP), and co-author of CCPA and CPRA
Read MoreThe ad ecosystem is like the wild west. Legitimate advertisers and publishers are leaving themselves and their partners exposed to consequences due to non-compliance.
Read MoreThe perception and tolerance of digital advertising is changing.
Read MoreOur forecast of what's to come in 2022
Read MoreWhile 2023 may seem like a long way off, it will come around quicker than you think. It is never too early to prepare - particularly when it comes to updating your data privacy processes to remain compliant.
Read MoreThere has been a lot going on in the world of ad privacy. Here’s what you may have missed this quarter.
Read MoreAs a member of the Coalition of Better Ads, Google has long been an advocate for blocking ads that hamper the user experience. But they took in one step further in fall 2020.
Read MoreCurrent technologies and methods used today routinely interfere with Consumer Rights to Opt-Out. As important as it is to address dark patterns, it’s just as important to address dark signals.
Read MoreOur Privacy Guard solution proves to be a success by identifying critical problems for Fortune 500 brands.
Read More3 To-Dos to Ensure Compliance & Stop Ad Privacy Violations
Read MoreSeveral key takeaways from presentations related to California regulations.
Read MoreWednesday, August 24 marked the end of the quiet period for enforcement of the California Consumer Privacy Act (CCPA).
Read MoreAdvertisers and brands are liable for any unauthorized data sharing in their digital advertising campaigns. Comply with regulations and protect your reputation.
Read MoreThe digital advertising ecosystem is large and complex. And it’s expanding.
Read MoreStay ahead of the game with our article on 5 Ad Security Malware Trends for 2022 and Beyond. Protect your business from evolving threats. Read now on Boltive.
Read MoreWe recently published our 2022 Q1 Ad Quality Report, so take a look at the key trends we’ve identified and how publisher’s are fighting back.
Read MoreWe're fresh out of content!
All the news that's fit to print.
