Malvertising – Part 1: Internet advertising basics

bildschirmfoto-2016-10-03-um-20-53-58Imagine surfing the web on a normal trustworthy website. On the top of the page you see an ad for something that interests you, e.g. the newest smartphone you like for an unbelievable cheap price. You click on the ad. Why wouldn’t you? You’re on a trustworthy site after all. The ad turns out to be a hoax, there are no smartphones for a price that cheap. Over the next few days you notice some strange behaviour from your computer.  Turns out, your computer is infected with some malware. How could this happen? In this case, you’ve been a victim of malvertising. Malvertising is a word composed of Malware and Advertising. As you probably already suspect right now, it means infecting users with malware via advertising on the internet. In this series of articles, I want to give you an introduction to malvertising, first by looking at some basics of advertising on the internet.

The business model of most websites is based on revenue generated by showing advertisements to its users. By generating revenue in this way, businesses can offer services at no other cost for the users. The market for advertisers is steadily growing, especially on mobile devices. According to the Internet Ad Revenue Report by IAB, the revenue of advertisers grew on average by 17% each year in the last 10 years.

To explain internet advertising, first you need to know some basic terms. First of all, there are advertisers. Advertisers are companies that offer advertisements of their product to websites. The websites showing them are called publishers. Publishers get paid by the advertisers. Usually in web advertising, a publisher is paid per impression, i.e. the ad is shown to a visitor. Other payment types are per click on the ad or per conversion, i.e. a visitor buys the product advertised.

Ad network
Schema of an ad network

The two groups, advertisers and publishers are connected by a common market, the so called ad networks. These networks manage an inventory of ad spaces from publishers and sell parts of it in advance to advertisers. The ads are then delivered to the publishers by the ad network. In order to do this, ad networks need to forecast, how many ad spaces they have to sell. The ad impressions also need to be tracked for later payment. Ad buys over an ad network can be targeted towards a special audience. For this, the networks categorize the publisher’s pages, e.g. in interest areas (news, computers, cars etc.) or in targeted audiences (e.g. women, people under 30 etc.). This helps the advertisers sell their product to a specific audience. Examples for ad networks are Google AdSense and Yahoo! Bing network. Advertisers often sell their ads not only on one ad network but on many to maximise their target reach.

Real-time bidding in an ad exchange
Schematic overview of real-time bidding in an ad exchange

While these ad networks have been around for almost 20 years now, there is a newer solution that simplifies the relations between advertisers and publishers, ad exchanges. An ad exchange is like an ad network a market place between publishers and advertisers. The difference lies in the real time manner of ad exchange. While ad networks offer an inventory of publisher ads and need to forecast at a prior time, how many ad spaces they have available to sell, an ad exchange sells ad spaces immediately as a user visits a publishers page. This is called real time bidding. When a user visits a page that contains ad spaces that are on offer in an ad exchange (1 in the graphic above), a series of actions is triggered. The publisher requests an ad for that page on the ad exchange. The ad exchange offers this ad space to advertisers , providing further information about the site for targeting. Then, an auction process starts, in which advertisers can offer a certain amount for this ad space (2). This auction only lasts for a few milliseconds. The ad of the winning advertiser is then delivered by the ad exchange to the user (3). This whole process only takes a few milliseconds and is unnoticeable for the user. By doing real time bidding, ad exchanges don’t need to forecast inventory of ad spaces or measure the impressions of an ad, since the bidding is done for one impression at a time. This also brings with it a direct competition between advertisers for each user. Another advantage is the targeting for each impression. With real time bidding, advertisers can utilise more specific targeting, for example they want to target a man aged between 30-50 from Germany. With more specific information available about each visitor, e.g. from cookies, advertisers can target such a group of people more reliable by using an ad exchange than by using an ad network. The most important ad exchange is Google’s DoubleClick. Another significant ad exchange is AppNexus.

This concludes the short overview over the advertising market on the web. In the next article of the series I will explain the really interesting stuff: What is Malvertising?