![]() ![]() A portion of the ad code How does the malicious ad work?Īfter we identified the partner, another engineer and I became curious about what exactly was happening to cause the redirect and annoy all users served the malicious ad. Our tools for blocking this require us to identify the source of each malicious ad and block it, which is reactive and not preventative. Whoever was behind the ad, however, kept finding ways into the system throughout the week on Vox Media sites and many others around the web. By the end of the day we felt we had successfully blocked the ad and had stopped receiving reports of redirects for the day. Our AdOps team moved quickly to alert the vendor whose network was being used to serve the ad, and we blocked the source of the issue in Google’s tools. Within about an hour we had successfully replicated the issue and pinpointed the source. In this instance, I got lucky and I was seeing the redirects on my computer so it took me much less time than usual to catch the redirect in action. Just because one user sees the malicious ad does not mean everyone will, and that makes it hard to replicate the issue on our own devices. Vox Media’s Ad Operations (AdOps) team works as quickly as possible to stop ads like these from loading on our site, but we have to find out where they are coming from in order to stop them. We work really hard to achieve that goal, and when ads like these make it to our sites, we take it extremely seriously. It’s a goal at Vox Media that user experience should not be sacrificed to generate revenue. We don’t do popover or interstitial ads that cover content, we don’t allow autoplay video with sound in ads, and we have spent a significant amount of engineering time trying to make sure that the loading of ads does not shift around content (work is ongoing!). ![]() I work on one of the three teams at Vox Media whose shared goals are to make advertising on our sites user-friendly and non-intrusive. An ad hijacked the page you wanted to visit to make you visit a different webpage. It’s not a virus and nothing on your phone had been hacked to trigger it. There was nothing you could do to stop it. Once that ad was loaded, the code triggered the popup that I mentioned above, and when you clicked to dismiss it, it redirected you to the site. Unbeknownst to our ad server or the publisher of the article, one of the ads that loaded on the page contained malicious code. All of this happened in a second or two while the page was loading. Those servers responded with bids for the slots, and the provider chose the winning bid for each slot and loaded in the provided ad code. When you visited the page you wanted to view, our ad serving provider (we use Google’s DFP, other companies may use other providers) alerted servers at various ad companies that it had a few ad slots available on the page. Rather, you visited a page with advertising and a malicious ad was served to you. Good news, your phone has not been hacked. What, you may have asked, should you do to fix this? Also, you didn’t even get to enjoy the content you were trying to see.Īll of these fears make a lot of sense, but none of them are actually what happened to you. ![]() You may have immediately feared that your phone has been hacked, or has a virus, or something else equally bad. The ads are intentionally designed to prey on your confusion: to make you think the gift card offer is real so you will put personal information into the form on the site you’re redirected to. They are frustrating and confusing to everyone who encounters them. ![]() Reports of these ads were everywhere on Twitter in early January. The malicious ad I was served Was I hacked? Did I have a virus? ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |