Google Offers Six Tips to Stop Malicious Online Ads

Know Who You’re Working WithPublishers should research the domain names of ads’ click-through URLs, as well as the domains for advertisers’ and agencies’ companies. If a domain was registered recently, the domain registrant’s name and contact information is hidden or false it should send up red flags.

Secure PartnersPublishers should be aware that different ad networks and exchanges may have significantly different standards for malware detection, Google said, adding the company strongly advises against using networks or exchanges without strong anti-malware security measures in place.

Perform Comprehensive Q&A on Ad ContentSites such as Wepawet and Adopstools should be used to scan Adobe Flash Player, JavaScript and PDF files before they are allowed to run. Test each core creative and all files the creative’s code invokes, and use SWF-to-XML converter to detect references made from each SWF file. If the converter fails with an error, treat the creative with suspicion, Google advised.

Proper PlanningHaving a strong response plan in place is important to ensure a quick reaction to a threat, Google said.

Fake Anti-Virus Rogue anti-virus scams are a common threat on the Web. Such operations often pull in significant profits by tricking users into paying for software that does nothing, and malvertising often figures into such schemes. An example of this is the recent attack targeting visitors to NYTimes.com. To avoid this, Google suggests users research a company’s reputation before downloading its software or visiting its site.

Follow Standard End-User Best PracticesThis includes making sure your browser, operating system and anti-virus are fully patched. Google also urged users to exhibit caution when they are prompted to download an e-mail attachment, follow an instant message link or install a plug-in or unfamiliar piece of software.