"Malvertising," a combination of the terms "malware" and "advertising," describes online ads that are viral in the wrong way: They attempt to infect the viewer's computer. "Badvertising" is a variant term.
"Some cybercriminals attempt to use advertising to distribute malware," the site explains. "Possible vectors of attack include malicious code hidden within an ad creative (such as a swf file), embedded on a Web page, or within software downloads."
The site was created by Google's Anti-Malvertising Team to mitigate the impact of bad ads on Google properties and on the Web sites operated by partners. The reason is simple: Google has a significant interest in making sure that ad blocking doesn't become a standard security practice.
"It certainly seems that awareness of the industry-wide issue of malvertising is on the rise," said Eric Davis, a member of Google Anti-Malvertising team, in an e-mail. "This site fits into our broader goal to help and encourage all members of the online advertising ecosystem to take an active role in malvertising prevention. It's one part of Google's commitment to educating our customers, improving the industry as a whole, and making the Internet a safer place for everyone."
In early 2008, Niels Provos, a security engineer at Google, said in a blog post that about 2% of malicious Web sites were distributing malware through advertising, based on an analysis of about 2,000 known advertising networks. In 2007, the Q1 2007 Web Trends Security Report published by Finjan said that about 80% of malicious code online at the time came from online ads.
In February of this year, eWeek.com inadvertently displayed a fake Lacoste shirt ad that directed visitors to a site hosting malware. And there have been several similar incidents this year at high-profile sites like MLB.com and FoxNews.com.
The Google custom search engine on Anti-Malvertising.com is designed to provide publishers with background information about advertisers. Fed an advertiser's name, company name, or ad URL, it returns information that may be useful in assessing whether the advertiser is trustworthy.
Anti-Malvertising.com also includes educational resources for those trying to defend against cyberthreats.
Black Hat is like no other security conference. It happens in Las Vegas, July 25-30. Find out more and register.