
Malicious Redirects - User transparency is at stake with this ad marketing threat

Posted by Huzefa Hakim | April 1, 2024

If you are a publisher, you must be tracking your ad marketing user data daily. However, did you know that a percentage of users who are supposed to visit and engage with ads on your page might be redirected to another page?

What’s worse? It may happen because something harmful is present on your site, and so even genuine user activity might be missed by your analytics team. After all, the activity never happened on your site.

Traditional fraud mitigation solutions can tell you what traffic is invalid, but have you questioned the transparency around users who visit your site and are then redirected to another page? Hold on to that thought.

This is not a new problem. It has been around since the last decade. In fact, in 2011, the London Stock Exchange’s home page was affected by this problem. Users trying to get to this webpage were shown a message that the site may contain malware. It was later disclosed that the message was shown by a third-party ad network that caused malware to be downloaded on web users’ devices without their consent.

If not dealt with seriously, these redirects can cause huge losses for players in ad marketing.

Let’s understand this problem in depth.

What are malicious redirects?

Malicious redirects are a form of ad fraud where users are unexpectedly sent to different websites than those they intended to visit. These redirects are often used by cybercriminals to drive traffic to phishing sites, scams, or other malicious content. The lack of transparency in these interactions undermines user trust and poses significant risks to both users and publishers in the ad marketing ecosystem.

This technique is used for either of the following purposes:

  1. Driving traffic to a website which has similar products and services to influence user purchase decisions
  2. Installing malware on the user’s device, which compromises the user's personal information and exposes them to huge liabilities

How is malicious code injected into websites for these attacks?

Malicious actors employ a variety of sophisticated techniques to inject harmful code into legitimate websites, leading to malicious redirects. These methods not only exploit technological vulnerabilities but also human oversight, making it a multifaceted threat to ad marketing integrity. Here are some detailed explanations of these methods:

  1. Compromised ad networks: Attackers target ad networks by submitting ads that appear legitimate but are embedded with malicious code. Once these ads are distributed across websites, clicking on them triggers redirects to malicious sites. This method exploits the trust publishers place in ad networks to vet advertisements, turning a standard ad marketing practice into a vector for attack.
  2. Exploitation of website vulnerabilities: Websites that are not regularly updated or patched are prime targets for attackers. These vulnerabilities can be in the form of outdated CMS platforms, plugins, or web scripts. Cybercriminals use these weaknesses to inject redirect scripts into the website’s code, which execute when a user visits the site. This method underscores the importance of regular website maintenance and security updates in preventing ad fraud.
  3. Cross-Site Scripting (XSS) attacks: XSS attacks occur when attackers inject malicious scripts into web pages viewed by users. These scripts can be inserted via comments, forums, or any input fields that do not properly sanitize user input. When other users visit the compromised page, the script executes and redirects them to malicious sites, exploiting the site's functionality to spread harmful redirects.
  4. Phishing attacks on website administrators: Attackers often use phishing schemes to deceive website administrators into revealing login credentials. Once obtained, these credentials are used to gain unauthorized access to the website's backend, where the attacker can modify content, insert malicious redirect scripts, or even create new pages laden with malware.
  5. Third-party widgets and plugins: Many websites enhance their functionality with third-party widgets and plugins. However, if these tools are compromised or maliciously designed, they can serve as a conduit for injecting redirect code. Attackers may exploit vulnerabilities within these third-party elements or masquerade as legitimate tools to access a wide array of websites, illustrating the need for rigorous vetting of external components in ad marketing strategies.

How can publishers determine if their sites are infected with malware?

  1. Regular security audits: Publishers should use website security monitoring services that continuously scan for malware, suspicious activities, and vulnerabilities. These tools can detect anomalies in website behaviour, unauthorized changes to files, or the presence of malicious code, alerting administrators immediately. Conducting comprehensive audits of a website’s code, databases, and external plugins or widgets can help identify unauthorized insertions of malicious scripts. These audits should review all components of a website, including HTML/CSS files, JavaScript, and server-side scripts, for any code that looks suspicious or out of place.
  2. Analysing traffic patterns and user feedback: Sudden changes in traffic patterns, such as an unexpected drop in visitors or an increase in traffic from unusual locations, can be indicative of malicious redirects. Publishers should use analytics tools to track where their traffic is coming from and where it's being redirected to, paying close attention to any discrepancies or anomalies. To ease traffic analysis and verification, a third-party fraud mitigation solution, like ClearTrust, can help keep traffic anomalies in check.
  3. Utilizing website scanning and malware detection services: There are specialized services and software solutions designed to scan websites for known malware signatures and vulnerabilities. These services can perform deep scans of a website's files and databases, identifying and sometimes automatically removing known threats.
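An added example (not from the original post) of the page-level code audit described in item 1: it parses a page's HTML and flags script hosts outside an approved list, meta refresh tags, and inline scripts that assign to `location`. The host allowlist, the sample page and all names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this publisher has approved for loading scripts.
ALLOWED_HOSTS = {"publisher.example", "cdn.publisher.example"}
# Inline-script constructs that navigate the browser away from the page.
NAV = re.compile(r"\blocation(?:\.href)?\s*=[^=]|\blocation\.(?:replace|assign)\s*\(")

class RedirectAudit(HTMLParser):
    """Collects (kind, detail) findings for one HTML document, in document order."""
    def __init__(self):
        super().__init__()
        self.findings, self._inline = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            host = urlparse(a.get("src") or "").hostname  # None for relative URLs
            self._inline = "src" not in a
            if host and host not in ALLOWED_HOSTS:
                self.findings.append(("unapproved-script-host", host))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content") or ""))

    def handle_endtag(self, tag):
        self._inline = self._inline and tag != "script"

    def handle_data(self, data):
        if self._inline and NAV.search(data):
            self.findings.append(("inline-navigation", data.strip()[:60]))

def audit_html(html):
    parser = RedirectAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from a real site.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.publisher.example/ads.js"></script>
<script src="//widgets.thirdparty.example/w.js"></script>
<meta http-equiv="refresh" content="0; url=https://landing.example/">
</head><body>
<script>if (document.referrer) { top.location.href = "https://landing.example/"; }</script>
<script>var here = location.pathname;</script></body></html>"""

if __name__ == "__main__":
    print(*audit_html(SAMPLE_PAGE), sep="\n")
```

A finding is a lead for manual review rather than proof of compromise, since legitimate pages also navigate with `location`.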

Malware often leaves traces in the form of modified or newly added files. Tools that monitor file integrity can alert publishers to unauthorized changes on their websites, which could be indicative of a malware infection. This includes checking for unexpected changes in website content, new or modified scripts, and other alterations that weren't authorized by the website administrators.

Malicious redirects pose a significant threat to the integrity of ad marketing, impacting user experience and eroding trust in digital platforms. In the battle against malicious redirects, knowledge, vigilance, and the right partnerships are key. By understanding how these attacks occur, taking steps to detect them, and employing targeted solutions, publishers can protect their sites, their users, and the transparency that underpins user trust in ad marketing.