Respond to malvertising alerts
Malvertising is advertising that is used to distribute malware. DFP checks creatives and line items for malvertising that may include viruses, trojans, and URLs, fake GIF files or SWF (Flash) files found to contain malicious code. If a line item or creative is found to be compromised, DFP automatically stops it from serving and sends an email alert to the network contact.
What to do if you receive a malvertising alert
When DFP detects potential malvertising, it sets an in-product alert and sends an email to all users in your network with the default Administrator role. If you use custom roles, the email is sent to any user whose role includes the "Receive all malware notifications" permission.
If you receive a malvertising notification email or alert for one of your line items or creatives, check the line item or creative immediately. Do not click on or render the creative or line item. If it hasn't been deactivated automatically, deactivate it immediately. You can't reactivate the line item or creative until it's been cleared by the malware team.
Additionally, we recommend that you follow up with the third party that supplied you with the infected creative or link.
More about malvertising
Google actively works with trusted advertisers and partners to help prevent malware in ads. However, no system is perfect, and as a publisher you should conscientiously take steps to avoid accepting malicious ads. Doing so not only protects your site and preserves your inventory’s value, but it also helps ensure the vitality of the online ads ecosystem.
Anti-Malvertising.com, which was created by Google’s Anti-Malvertising team, provides the following guidance, among other useful information:
Where necessary, work with your advertisers to employ these practices.
Types of malvertising
Malvertising can appear in the following forms:
The creative is bad and likely advertises a fraudulent advertiser. These include iframes going to bad URLs and
.swffiles that act maliciously.
Third-party redirect to either an ad server or ad network
The creative is a valid ad network redirect. However, in this instance we received a malicious creative from that ad network.
Compromised landing page
The line item or creative was good and for a real advertiser. However, the landing page was compromised, so we are banning the line item or creative until they correct the landing page.