Knowledgebase: E-Planning AdServer
Malware Prevention Policy
on 08 April 2016 07:53 PM

From our place in e-planning, and together with most of our customers and companies in the area, we actively take part of discussions held so as to improve online advertising quality, define guidelines and agree on the best practices to be employed. That’s the reason why the development of technological solutions in line with the market standards is part of our role.

During the last year, more discussions arose on the prevention and detection of suspicious, malicious and/or defective code violating different sites, affecting the performance and harming the final user. As ad serving suppliers, our place is outstanding in the advertising distribution chain and we consider of paramount importance to adhere to IAB Technology Council’s recommendation for malware analysis and detection.

We have thus developed a malware detection process described as follows:


Registration of Advertisers and third parties tags and click URLs in the platform

In order to ensure click urls leading to malware will not be used and that such urls will not be used in tags or text ads either, a URL validation is performed when loaded in the platform. This validation is made based on urls supplied by services such as Phishtank and Malware Domain List, under continuous updating process. Additionally, from e-planning, new urls are added and we may locate them in different situations, in order to enrich the list and cover the most possible number of malware cases.

In case the url used matches any in our base, the ad loading process is rejected with the necessary information to guide the user.

Tags scan

As from May 2015, we started working with The Media Trust. They provide us the scanning service of all third parties tags loaded in the platform.

This procedure is very important and enables a pro-active and fast performance to avoid “malware” situations.

We are connected with them through API. The process involves the sending of tags to TMT to be analyzed every 20 minutes.

In case any tag is affected/considered as malicious, TMT sends an alert to automatically BLOCK the affected tag. If associated to more than one campaign, it remains canceled in all campaigns at that same time.

After this procedure, a message is displayed in the platform to inform the user which ad was blocked and the reasons for such action.

In addition to automatically block the affected ad (tag), it may be not reactivated or reloaded in that account or in any account of e-planning customers. This will be possible as all tags having showed some kind of malware will be saved to avoid future cases.

As additional actions, if the tag affected by malware comes from a customer of our e-planning client/user, the process foresees a joint notice to the advertiser/agency or partner in infringement of the policies and we will ask the adserver user not to run new campaigns from such origin. If the incident is repeated with the same advertiser/agency or partner, the account will be sanctioned. Likewise if the malware tag comes from an e-planning direct customer (network, advertiser or agency), the account will be sanctioned.

On the other hand, from e-planning, we ask all our customers to make a joint effort in order to prevent malicious practices.

Some recommendations are made below for ad server users to take into account at the time of incorporating new advertisers/agencies and adding their campaigns:         

Corporate checks

Ask for corporate references. In most cases, it is not advisable to work with unreferenced companies or coming from unknown corporations.

We neither recommend working with companies using personal email addresses instead of a corporate one.

Check the corporate website. Verify address and contact information supplied.

The company’s website should publicly state corporate officers.

If the company does not ask for campaign results follow-up reports (clicks records on domains ran), this should be an alert situation, subject to investigation.


Campaigns check

Do not re-load ads neither work with advertisers already detected as malicious.

Verify the advertiser is really behind the company/ brand it states to represent. Many times they use product names of recognized brands in order to “disguise” their real identity and intentions. Ask for contact information in order to check this.

In most cases, you should accept payment via commercial invoices only, and not through Paypal, credit card, etc.

Please pay attention if the advertiser’s campaign contains rare and/or atypical segmentation criteria, such as:

Segmentation for browsers or discontinued/ old operation systems (special Internet Explorer and Windows Odd Geos), in low peak traffic times with high CPMs.

Campaigns that must be online at the very last minute or run after a holiday should be investigated thus creating at least some kind of alert.

(0 votes)
This article was helpful
This article was not helpful