clean.io releases data behind malicious ads

Data can help a tech product carry out its function, and improve. Put in context, it can also provide insights that can be valuable for all.

With a new report, South Baltimore-based clean.io is offering takeaways from its own work on stopping malicious ads — the kind that lock up screens, and potentially spread malware. To create the Summary of Malicious Ads and Reputation Threats (S.M.A.R.T.) report, the company drew on data from the more than 13,000 sites, apps and platforms that its platform protects for the second quarter.

“One of the principles of our business is to be open with our data and share it to help people learn,” said CEO clean.io Matt Gillis.

The report pulls together insights from the platform over 90 days, and clean.io plans to release it quarterly. There are plenty of numbers involved, but it’s not only about the data.

“If you really want to understand what’s going on you need to put your marketer hat on,” Gillis said. In other words, the attackers releasing malicious ads are thinking like performance marketers. That means they’re paying attention to return on investment, and they want ads that work.

“These are people that really only conduct these actions when they have the highest probability of profitability,” Gillis said.

One way to do that, Gillis said, is to create visually appealing ads. Many of the malicious ads the company is finding have a higher production quality than those in the past, Gillis said. They’ve got the bright colors, and even fraudulent presentations of big brand logos and other creative elements. Many also use ads for sweepstakes, dating sites or NSFW content, Gillis said. And they’re paying attention to where it’s being released, as well.

“They take that creative, and then now they figure out how they get the right message in front of the right person at the right time,” Gillis said.

That can mean embedding the bad ads within social media, where 23% of the ads the company prevented were found. Mobile advertising is also on the rise as a place where the ads are delivered, Gillis said.

clean.io looks to cut into the ROI through its approach. The company allows the ad to be purchased, but prevents the malicious JavaScript from executing. So the malicious advertiser isn’t getting engagement, which will in turn lead to no profits.

Other insights from the report:

• Timing: 63% of the threats happened on the weekend, when people were less likely to have defenses in place. Meanwhile, mornings saw 34% higher threat levels.
• Origin: More malicious ads are coming from countries outside to the U.S. Overall, international threats were up 181%. “What you’re seeing is these guys move internationally to evade detection,” Gillis said. It’s likely also profit-driven, as the bad actors look to make profit in other markets.
• Supply-side platforms: Ads are being delivered on more programmatic platforms. Where Q1 had 90% of threats from three platforms, Q2 had the same from six different platforms, the report states.

There’s more in the infographic below or at the full report.