Earlier this week security startup Lastline pulled a blog outlining malvertising research it did into the ‘Top 10 dirtiest ad networks’ after one or more of those mentioned objected to the firm’s methodology.
The security world badly needs to get to grips with the phenomenon of ad networks being used to distribute malware, so its disappearance was a disappointment. The blog was based on a research paper The Dark Alleys of Madison Avenue, Understanding Malicious Advertisements presented Lastline’s co-founders Giovanni Vigna and Christopher Kruegel and Apostolis Zarras of the Ruhr-University Bochum, which is still available (as was the blog on Google cache as of 14 November).
The team looked at 40,000 websites hosting 600,000 ads using a tool called Wepawet, finding that one percent of the latter led to malware, which sounds small until you realise these will be accessed probably millions of times.
Notwithstanding any issues over the methodology, the interesting takeaway was the contrast between networks, with some completely clean (100 percent so) and some astonishingly dirty (one was said to reach nearly 40 percent malicious).
Lastline issued the following statement when we enquired about the status of its blog and findings:
"Some ad networks have expressed concern about the scientific validity of ranking them by percentage of benign ads in Wednesday's blog post. We have taken the blog post down until we can address those concerns."
Malvertising is becoming a serious issue, as a variety of recent stories have underlined, including its use to push ransomware and the way even large Internet firms such as Yahoo can be cought in its web.
But if the firm is correct and some networks are worse than others, users have a right to know that and so, presumably, do the networks themselves.