Group Drafts Security Guidelines to Fight Malicious Ads
The Online Trust Alliance has formed the Anti-Malvertising Taskforce to combat malicious ads on the Internet.
The task force currently comprises more than two dozen business, advertising industry and government representatives, but the OTA is still recruiting members to join and participate. As part of its efforts, the group has created a working draft of guidelines for the online advertising community to combat malicious ads, also called malvertisements.
Research by the OTA underscores the depth of the problem. According to its analysis, there was a 250 percent increase in compromised display ads during the past quarter served by more than 100 unique ad networks and exchanges.
In its proposed guidelines, the group suggests a number of best practices for the "advertising ecosystem," including a prohibition on accepting ads or creatives hosted by clients and a recommendation that organizations create incident response plans to notify affected clients and partners if a malicious ad is discovered.
"The business and security communities are to be commended for their efforts to help develop best practices supporting end-to-end online trust," said Craig Spiezle, executive director of the Online Trust Alliance, in a statement. "By working together we can establish controls and accountability to bolster online confidence, allowing consumers to continue to enjoy the value they receive from advertising supported online services."
In May, security firm Dasient reported that roughly 1.3 million malicious advertisements are viewed on the Web everyday. Most of the time, the bad ads infect users with malware using drive-by downloads, the vendor found.
"Malvertising is a serious threat to both consumers and the online advertising industry," said Leslie Harris, president and CEO of the Center for Democracy & Technology, in a statement. "We support the OTA's efforts to bring stakeholders together to discuss consensus approaches to address this problem."
OTA is soliciting written input from the security and interactive advertising communities through Oct. 10, with the goal of publishing formal guidelines by November. Copies of the draft guidelines can be found here (PDF).