Security for Publishers
April 12th, 2010 by Tim Wintle

The web can be a dangerous place – for your site visitors as well as for you as a website owner.
It appears that many publishers' sites were recently attacked through ad networks similar to ours, so this is an appropriate time to cover some of the things that we do here at the viral ad network to protect your visitors and to keep our network clean of such attacks.
For some background – malware / virus writers often target ad networks in order to distribute their code to as many people as possible efficiently (exactly the same reason advertisers use ad networks in general).
Security has been built into our systems from the day we started, and in the years we have been running, we have detected all malicious advertising as part of our security reviews before it has had a chance to go live across our network.
Here are just a few of the things we currently do in order to protect you, your website, and your viewers.
- We serve ads into containers on our own domains. This protects your website from a wide range of potential XSS vulnerabilities that could arise.
- We usually re-compress images to mitigate image-format based attacks (e.g. GIFAR).
- We review the landing pages and trustworthiness of sites that ads send traffic to.
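To illustrate the image re-compression point above: a GIFAR is a valid GIF with archive (JAR/ZIP) data appended after the image, so anything that rewrites only the image structure discards the appended part. The sketch below is an added example, not our production code; it walks the GIF block structure instead of fully re-encoding, and the function names and sample bytes are constructed for illustration.

```python
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory signature (a JAR is a ZIP)

# Constructed sample: a minimal 1x1 GIF, plus an empty-ZIP record as stand-in trailing data.
SAMPLE_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
              b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00\x3b")
SAMPLE_TRAILING = ZIP_EOCD + b"\x00" * 18

def _skip_sub_blocks(data, pos):
    """Advance past a chain of GIF sub-blocks (length byte + payload; 0 terminates)."""
    while data[pos]:
        pos += 1 + data[pos]
    return pos + 1

def gif_end_offset(data):
    """Return the offset just past the GIF trailer byte by walking every block."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    flags, pos = data[10], 13  # 6-byte header + 7-byte logical screen descriptor
    if flags & 0x80:  # global colour table: 3 * 2^(N+1) bytes
        pos += 3 * (2 << (flags & 0x07))
    while True:
        block = data[pos]
        if block == 0x3B:  # trailer: the image ends here
            return pos + 1
        if block == 0x21:  # extension: introducer, label, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif block == 0x2C:  # image descriptor (10 bytes), optional local table
            lflags = data[pos + 9]
            pos += 10
            if lflags & 0x80:
                pos += 3 * (2 << (lflags & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)  # +1 skips the LZW code-size byte
        else:
            raise ValueError("unknown block 0x%02x at offset %d" % (block, pos))

def sanitize_gif(data):
    """Return (gif_bytes_without_trailing_data, report); reject malformed input."""
    try:
        end = gif_end_offset(data)
    except IndexError:
        raise ValueError("truncated GIF") from None
    trailing = data[end:]
    return data[:end], {"trailing_bytes": len(trailing), "zip_signature": ZIP_EOCD in trailing}

if __name__ == "__main__":
    print(sanitize_gif(SAMPLE_GIF + SAMPLE_TRAILING)[1])
```

This only removes data appended after the trailer; a full decode and re-encode also drops anything carried inside comment or application extension blocks.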
For ads that include ECMAScript (“JavaScript”) or Flash, we may do any (or all) of the following:
- A manual security review of JavaScript/ActionScript source code.
- Decompilation of Flash to ActionScript source code.
- Static analysis of the code.
- Dynamic analysis / fuzzing of the code.
We consider these reviews an important part of the service we provide publishers – a review that most publishers would find technically challenging, or simply too costly to perform for each advertisement.


