Malware Ads! Please help


#1

Does Sovrn work with Pubmatic? We tracked the ads down to pubmatic but it was from the Sovrn tag. I checked around on the forum and it seems like other publhttp://i.imgur.com/PwIEeuf.pngishers are getting it and its also Pubmatic. Is there a way we can block Pubmatic out?


#2

Hey,

Thank you for reaching out to us regarding this bad ad that you are experiencing. I will be glad to help you out. I am going to reach out to you directly via email. Thank you!

Jordan


#3

Hello,
We have been working with Pubmatic and they have blocked the buyers who were responsible for the recent issues. Overall, this demand partner sends us clean inventory.
Thanks,
Andrew


#4

Got more bad ads yesterday.


#5

Thank you for contacting us with this. I am reaching out directly by email.

Thanks,
Jordan


#6

Using safe iFrames and still breaking out, got a slew of complaints yesterday. These advertisers realize they are ruining the industry and they simply don’t give a shit.


#7

Hi,

When was the last redirect complaint (time, date, timezone)?

We are working hard to stop these from reaching our publisher pages. We have received word that many different partners are experiencing these. We have successfully blocked many over the weekend. We are currently trying to recreate and irradicate on your site now.

Thanks,
Jordan


#8

We got some too this weekend, its was reported from our UK people and it was also desktop redirect. I attached an image.


#9

Hello,

Thank you for reaching out. When was the last reported redirect from (date, time, timezone)? We are trying to establish a timeline and decipher which redirects are still occurring, as we have blocked many.

Thank you!
Jordan


#10

I am getting the MANY MANY reports from USERS now and over the last few hours. It is EXTREMELY Frustrating… Is there something you can do to STOP these ads from being served to my site now…

We were also receiving reports all weekend and it is starting to cause readers not to visit our site.

Thanks,

Tommy


#11

Hi There,

I have toggled you into our sensitive publisher list. This will prevent any ads that are not scanned by our third party scanning software from reaching your page. This should eliminate the ad issues you are seeing. Please let me know if you are still seeing any issues.

Thanks,
Jordan


#12

We have been getting waves of complaints about redirect ads on all our mobile properties. Here’s two screenshot examples, from a couple of our sites - pretty much matching what the above folks are describing. It’s really spiked in the last couple of weeks.

Standard redirect behavior, after a few seconds, the fullscreen popup appears and they get whisked away. This is getting to be a regular serious issue for SOVRN. We are not seeing these waves of redirects coming through any of our other agencies (Rubicon, Google, etc…)

Account: BoLSInteractive


#13

Hi everyone,

I just wanted to add my current observations with related malicious ads on my site as a publisher to perhaps help anyone who wants to investigate further. I am seeing lots of window redirects to a fake google site, hosted on several domains, which triggers a javascript alert() telling the user he/she has won a prize. The alert message appears before the malicious site renders, so the message actually renders on top of my site. I am seeing this behavior merely on iOS devices, but can trigger the behavior by simulating an iOS device via Chrome DevTools in private Incognito mode.

I am pretty sure this comes from a malicious ad, not necessarily via sovrn though, probably at some other point down the line and more than one SSP could be affected. I am using prebid BTW.

Here are some of the redirected domains:

Here are some screenshots, also with console messages on a cross-site-scripting attempt to redirect to kankanpian.cc and a list of all documents referring to kankan:




I hope these infos are of help.


#14

More complaints again. I’ve requested to be moved to the sensitive category via support. I have these ads all in sandbox iFrames too, if sensitive category doesn’t fix it then that’s it, all tags will be removed.

Side note for Jordan: It’s very deceptive that you mention the sensitive category is the only way to get coverage with your third party scanning when you just put out this press release: https://www.sovrn.com/blog/malvertising-sucks-clean-ads-rule/

Recent complaint with image from Thursday 5:00~PM EST around Baltimore MD area.


#15

Thank you to everyone for their input on this issue. We are currently doing everything we can to stop these ads from being served via our exchange and in turn sending the information upstream to be able to block at the source. All info and complaints are appreciated and we will take action accordingly.

@avinuity I have added blocks to your account that also limit surveys, dialog boxes, and interactive style ads, such as the ones you are experiencing. I also added the URL from the screenshot to your blocklist. I am hoping this will remedy the issues you are seeing. With regards to confiant only being able to scan a large portion of our demand; that is why we created the sensitive publisher toggle, so that people could opt in to only that demand that is scanned. We are working to integrate all demand partners to be scanned, but these things do not happen over night and we are working very hard to cross that bridge.

Thank you!
Jordan

As always, contact us here: https://www.sovrn.com/support/


#16

More mobile redirects on belloflostsouls.net - again. It looks like this campaign started running early in the AM Saturday July 1st. We have a spike of complaints from this new one.

I would strongly suggest that SOVRN have someone/way for publishers to report and you to look into these things on weekends as that is when they typically start the redirect campaigns. I understand that you are using a new software suite to deal with this, but again, we work with multiple agencies and this occurs over and over and over with SOVRN.

Please pass on to SOVRN senior management that this is the #1 issue that will make publishers pull your tags and move on to other agencies.

Please assist.

-Larry


#17

I was told this exchange was blocked but it’s still showing up. Please block this exchange because they are known for malware ads.

serv.clicksor.net/cpxcenter/dpop.php?nid=1522&pid=69586&sid=70822&zone=114143&durl=&subid=37&opt1=


#18

Hello,
The industry saw an uptick in these redirects at the end of June. The bad actors seem to be more active at the end of the month. Sovrn is proactively scanning for and blocking these type of unwanted ads. However, there are times when these creatives get past our blocks. We are always working on improving our scanning and coming up with a solution for these gyroscopic evasion techniques currently being used by malvertisers.

If you email us at publishersupport@sovrn.com we can respond to your particular case.
Thanks,
Andrew


#19

I’m in sensitive ad category and … this came up for a reader just now.

Your tags? https://www.youtube.com/watch?v=F2Z2CklSxM0


#20

Hi, I’m also having problems on my site with rogue adverts. Some of the ads are completely taking over the site and quite a few users are rightly complaining.

Here’s a few example URLs (from a French user):

1:

http://downloads.gratorama.com/lp/fr/WH-style/aladin_200/index.html?brandId=2&campaignId=30852&mediaId=5235&mode=1&affiliateProfileName=38265&V1=ecdd2699-1e67-4c64-890f-7c57e6575d52&V2=ecdd2699-1e67-4c64-890f-7c57e6575d52&ABClicks=2&shorten_link=5817614e1c5d2&shorten_target=8901&netoClickId=596b2fa795d1b60d6d8b45bb

2:

http://92pzz.isolate.hahi.gdn/?sov=471159270&hid=eseokeqooee&&redid=38265&gsid=68&campaign_id=20&p_id=11895&id=XNSX.hbr-r38265-t68&impid=d1dc527c-699e-11e7-a73d-12c26be3c49e#

3:

http://www.rosefeedback.com/?sid=isp.mvt.fr.49er&ow=fr.el4qnwes8rrekcmz&isp=NC%20Numericable%20S.A.&browser=Chrome&os=Windows&region=Ile-de-France&city=Levallois-perret&ip=85.169.58.218&countryname=France&device=DESKTOP&brand=Desktop&model=&country=FR&track=t.rosefeedback.com&tid=79c1fb15-4347-4f4e-9518-845b5b0deaa5&caid=95cfcafe-039e-4c6d-b44b-f1c2af29e5ec&did=Windows_38265&voluumdata=BASE64dmlkLi4wMDAwMDAwMi03NWE2LTRiODEtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjBkNzVkODAwLTY4NjItMTFlNy04MDVjLWY3MGNiNjAzMjZiNV9fY2FpZC4uOTVjZmNhZmUtMDM5ZS00YzZkLWI0NGItZjFjMmFmMjllNWVjX19ydC4uSEpfX2xpZC4uYTc1NWQ0NmYtZmRmNC00NjRhLWJiY2ItMGNhZDNjNWJhMzVhX19vaWQxLi43MTlkMzgyYS1kNzc2LTQ1MWUtOWMyNS1hZTQzNGQ1ZTg4ZTVfX29pZDIuLjJjNDlhYjllLThhODItNDA3OC1hMWUyLWJmYmU3NGM3MTcwZV9fb2lkMy4uZGQwMDY0NTUtNzliMi00NGQ5LWE5OTAtNzg4Y2Y1Y2JiMDlmX19vaWQ0Li40YzJkODdhNi0zYWZjLTRjMDUtOTI2ZS1lZmZkMjVjYjdlN2JfX29pZDUuLjA4ODQ5MjRiLTBmZmMtNDQ5YS04MTg5LTkwY2M4YzJlZGI0OF9fb2lkNi4uMjY5NWFlNzgtMzQ2MC00MmU0LWIwY2UtMWI5NGU5ODBhMDI5X19vaWQ3Li41OTNlNzYxMC01NzZmLTQ0YzQtYmI2Mi05MzMzNTc1OWE3OTFfX29pZDguLjdiMzlkMWFlLWE5NzctNDEyNS05NGUxLWM2MmQxMzE3OThjZF9fb2lkOS4uMWYyMWQzNzMtODliMi00MGI4LTkwMTEtOTU5Mzg2N2EyMjRjX19vaWQxMC4uZDAyYWU2NDgtMWEzMi00NTFmLTg4M2ItZTgwODk1YmRjZGJmX192YXIxLi4zODI2NV9fdmFyMi4uNDcxMTU5MjcwX192YXIzLi5NMTg4OFpTU0lWNFRDMzBBX19yZC4ub2RsenpcLlxhd2Vzb21lXC5caGFoaVwuXGdkbl9fYWlkLi5fX2FiLi5fX3NpZC4uX19jcmkuLl9fcHViLi5fX2RpZC4uX19kaXQuLl9fcGlkLi5fX2l0Li5fX3Z0Li4xNTAwMDE4NzEwMzY4&source=38265&sourcesub=471159270&clickid=M1888ZSSIV4TC30A