Online advertising is a multi-billion dollar global industry that lets advertisers serve ads to specific customers of interest as they browse the web. Using real time bidding (RTB), as web visitors land on a site, advertising networks are alerted of space available and whatever profile information can be gleaned about the visitor. Ad networks then auction this combination of space and profile through ad exchanges, and the winning bid's ad content is served to the web visitor. The entire process, from a visitor landing on a publisher's page to ads being auctioned, takes 200 milliseconds--the time needed to snap your fingers. Operating in such a short time frame requires efficiency and speed, so ad networks typically do not host ad content, and rely on servers optimized to quickly deliver content. This tightly choreographed interaction is a technical marvel, but one with built-in risks. The just-in-time collaboration between ever-changing technology providers gives an opening to malicious actors, who can hire a digital marketer, purchase online advertising space, and through devious means, use ad networks to deliver malware rather than ads. The practice of delivering malware as an ad has been termed malvertising, and its incidence is increasing at an alarming rate. This article will present examples of malvertising, describe its relationship with online advertising, and discuss ways to reduce the incidence of malvertising links.
Dwyer, Catherine and Kanguri, Ameet, "Gone in 200 Milliseconds: The Challenge of Blocking Malvertising" (2016). Student and Faculty Research Days. 3.