Protected Media

Ad hackers are becoming more sophisticated in stealing budgets from advertisers. Symantec researchers discovered three malicious apps on Google Play that collected ad revenue by clicking on ads while running in the background. The three apps used three separate techniques: Delayed attacks Self-naming tricks An attack list received from a command and control server [C&C] Each of these techniques is relatively common on their own, but have not been seen together.  You can read the full report from Symantec here . At Protected Media, we've already flagged those apps as bots even before the post from Symantec. Since our technology can identify bots, regardless of the technique used, we were able to protect our clients from these malicious apps. - Zac

Check Point reported recently that its researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting edge techniques that allow it to perform ad fraud better than ever before. You can read more details about HummingBad and HummingWhale on this post.  http://blog.checkpoint.com/2017/01/23/hummingbad-returns/ If you are a Protected Media client, you don't need to worry about HummingWhale or any other malware. We got you covered even before Check Point released its findings.

Let us begin the new year with one of the most common questions we encounter whenever clients start digging into our service: Can you simply block IP addresses? With bots setting-up ranges of IP addresses for an attack, clients often wonder if we can simply block based on IP lists. The answer would be no. We could not provide a list or range for our customers to block by themselves. For example, let's take Amazon. Traffic that comes from Amazon AWS can have the best, if not the most, converted users. Very large companies use proxies on Amazon AWS in order to filter the that comes out of the organization. Blocking certain IP addresses from Amazon or ranges of IPs would risk degrading your advertising performance. Let us give another example—say, university websites or websites of large organizations. We do not block them because if we do, we risk giving a lot of false-positives and if we whitelist them, a lot of false-negatives. Our technology Our te

Every now and then we encounter clients who often wonder whether they can simply settle for Generic bot blockers, anti-credit/bank fraud vendors or even CDNs that add a security level. In our opinion, generic solutions are not intended to focus on anti-ad-fraud. Most of the models in credit fraud are profiling the user interaction. Ads are different. They are integrated in iframe, so all keyboard or mouse interactions are usually non-viewable. Not all ad-fraud types are related to bots and hosting providers. You need to be familiar with the adtech world… Some take the form of domain masking while others take the form of app masking. Having a generic CDN or bot blocker is less of a fortification. For further details about ‘blocking’ over digital platforms, please read our post about Skype. It has a more concrete illustration of how we address blocking related to ads and bots and anything that follows. -Zac

We believe that an anti-ad-fraud company should focus on one specific expertise. If you are a good “generic" anti-fraud provider, you will block all traffic coming from applications that are not browsers. While this is true for desktop traffic, this cannot be taken for granted in the mobile set-up, in which traffic comes from both apps and browsers. The question is what about apps like Skype? Skype and other similar desktop applications with a lot of ads will be blocked. Why? Skype has a lot of “valid” traffic. It is important that we understand that while it is a good app on the one hand, it is not a valid browser and will therefore be blocked by other "generic” anti-fraud companies. This will result in a loss of a very good traffic source. We work differently, identifying the actual fraudulent traffic rather than blocking traffic based on simple rules of thumb. Apparently, differentiating between app and browser traffic for desktop is not the silver bullet. In the m

What ??!?! Do you really think so? We see a lot of viruses that are being hosted on legitimate users and running in the background without their knowledge (and of course browsing a lot of ads...)  all these ads are coming from valid IDFAs and valid users ... it is good traffic? Probably not! - Zac