Interesting – Mike just pointed out how Google’s ad servers are serving malicious advertisements on Mashable, set up so only people from certain geographical areas get hit with the pitch to buy malware. I immediately thought ‘that’s got to be a consequence of allowing third-party ad tags on the AdSense network‘, and went over to check it out.
I was wrong – it doesn’t look like any third-party tag is being loaded. The ad’s surprisingly still running, down near Mashable’s footer where no one will ever see it. It looks like a site-specific buy – it appears all of the time, no matter what I do. Unlike Mike, I’m in America, and therefore I’m not seeing the pop-up that he (and likely the rest of Mashable’s Russian readers, and god knows where else) are seeing. But a little digging around in the JavaScript makes me wonder if Google’s really to blame for this. Mashable’s using Google’s Ad Manager to serve all of their ads, but not all the ads (maybe not any of the ads) actually come from Google’s ad network — according to Mashable’s advertising page, the CPM-based ones come from Federated Media, and the ‘sponsorships and direct ads’ they sell themselves.
We can (probably) tell which of Mashable’s twenty (!) ad slots come from Federated Media from the Google Ad Manager JS in Mashable’s header – eleven of them have ‘FM’ in the name of the ad slot, and nine of them don’t. The malware happens to be in one of the slots that don’t. Keeping in mind that this is pure and complete conjecture and could be 100% wrong, I’d guess the following: someone offered to pay Mashable a sponsorship for the leaderboard at the very very bottom of their page, and Mashable’s ad salespeople said ‘sure, it’s all incremental revenue’, not stopping to wonder why someone was willing to pay for such an obviously useless ad placement. Google Ad Manager facilitated the process by making trafficking and serving the ad trivial, but Google itself had nothing to do with the malicious creative.
The point to this long-winded ramble: like anything else, making ad serving technology cheaper and more accessible has unexpected consequences. Since the major ad networks have developed some pretty sophisticated systems for detecting malicious advertisers, the malicious advertisers will increasingly target unsophisticated publishers doing their own direct sales.
{ 0 comments… add one now }