Taking a stand against malvertising


We’re taking a stand against malvertising and bad ads. Why? Publishing is hard enough without things like malware and auto-redirects. It’s complete BS that publishers even have to deal with these types of ads.

Publishers and readers are exposed to these ads through nefarious buyers who try to game the system intentionally slipping hard-to-detect malware and redirects into ads on the open exchange. Malware is a serious problem, with the goal of infecting computers creating botnets which can then be used to generate ad fraud. While redirects don’t feel as dangerous, they do cause a fair amount of annoyance by sending internet users to sites and app stores without consent to increase their user base.

The prominent industry tools available today rely on retroactive, sample based, third party scanning to identify ads or seats that distribute malicious ads. This has not been enough to solve the problem as there is too much room for error since ad quality is an ever moving target.

We’ve employed a team (real humans) dedicated to ad quality and empowered this team with detection tools to scan every single ad for malware and redirects every second of every day. Even when our team is sleeping our tech is constantly and consistently protecting your readers. Before the malicious ad can get to a publisher’s site, we identify it and stop it from getting served.

Since we’ve turned our proactive bad ad scanner on, we’ve seen incredible results. We are now able to identify which Demand Side Platforms (DSPs) and seats we are forced to drop bad ads on behalf of and to call them out on it. We protect publishers and their readers from 83,000 malicious ads, representing 0.5% of bids, we see every minute.

Ads containing malware dropped to almost zero after new scanning tools implemented.

Sovrn is not sitting on the sidelines; we are fighting alongside you trying to ensure a clean ad experience for your readers.

We continue to invest in people and technology to increase ad quality and bring more options for more control to you in the coming weeks and months.


Great news! In the past few years I’ve had 3 occasions where we were getting ads like this (mostly from Yahoo’s network I think.) Support was able to manually block them.

The thing is that you can’t know for sure that users in other geo’s, demographics, etc aren’t receiving them, so this great to hear.


Just to clarify, Is it percentage of bids? Or percentage of impressions with malware that has dropped? Did demand really stop sending that many bid requests with malware? Or is Confiant successfully blocking that many?


Hey Jordan, it is percentage of malicious bids that were getting through. The drop is due to our implementation with Confiant and they are successfully blocking that many. Pretty fantastic!


Very impressive! Thanks Sovrn!


Fantastic news! :smile_cat:

Rogue redirect ad (on mobile)

Good to know.
It will be beneficial for my website http://help4assignment.co.uk


Very happy to hear this. I had two instances of Google DFP warning me of malvertising coming through sovrn tags in the past month. It is unavoidable in this day and age, but seeing you guys being proactive about it is the right way to go.


You better be proactive about it, my readers complain about it all the time and I value them more than a check from you guys.


Let me know when you have a better handle on things because at this point, I have removed all Sovrn ad tags from my site. Getting angry messages from readers who are upset an ad has taken over their browser is no fun and it makes our site look bad. I’ve tried working with Sovrn to resolve these issues but to no avail. Sorry to have to remove those ad tags but it’s not a good user experience.


Hello, this is Andrew from the Sovrn support team.

I believe we identified the source of these redirects from this weekend and resolved the issue.
If you are still experiencing redirects, please email us directly at publishersupport@sovrn.com and we will be happy to take a further look at your individual case!




We are very cognizant of how big of an issue this is for all publishers. Although, we have always done our best, we acknowledge that we have struggled in the past to track down and eliminate redirects. Unfortunately, every case is unique and complicated to track as the bad actors purposely make their malicious actions difficult for DSPs and Exchanges to detect. What we were able to do in the past was completely dependent on the information that we were provided. And at times it felt like whack-a-mole with us getting a bad ad blocked on one DSP only to find it appear in another shortly after.

We continue to investigate every reported redirect fully to determine the responsible party. We also give publishers the correct ad partner to contact, if it has been reported to us by mistake. We know that if it is hard for us to track down the source of the bad ad, then it is also difficult for our publishers. When we find ourselves to be at fault we admit it and contact our demand sources directly to fix the issue immediately. When we find that we did not serve the ad, we pass the information along to the publisher so they can take action. We have a dedicated ad quality team that is available for bad ad support if you visit http://www.sovrn.com/support/.

Today, we now have the tools to proactively protect publishers and to better investigate malvertisements. We recently partnered with Confiant to scan every single OpenRTB bid response looking for malware and redirects. We can align only OpenRTB demand partners upon request, allowing the publisher to be confident that sovrn will not serve any malicious creatives. The downside is that there is a marginal revenue trade off which is not ideal for everyone. This is available upon request.

We are always available at http://www.sovrn.com/support/ to help set this up for you, discuss your options or answer any questions you might have. Please contact us and we can give you full rundown on our new partnership with Confiant and what it means for you.

We are dedicated to eradicating these ads from our exchange and appreciate your help and input in doing so. Please do not hesitate to reach out to us. We are reaching out to each individual publisher who has posted in this thread to be sure that we find the necessary solution and eradicate the issue, whether it be from sovrn or another ad partner, or both.

Thank you again for all the great input regarding this issue. We are always striving to get better and hearing your experiences helps us to do so.



The workaround to prevent such redirects is to put ads in iFrames and use the sandbox attribute.

<iframe sandbox="allow-forms allow-scripts allow-same-origin allow-pointer-lock allow-popups" width=300 height=250 src="sovrn-ad.html"></iframe>

There is pretty good browser support for the sandbox attribute so it should work everywhere except Opera Mini.

PS - I love Sovrn but in this case I find their response does not go far enough. The only acceptable level for malvertising is 0%. If Google can do it, so can Sovrn. The approach of finding the offending creative and blocking it is fundamentally wrong. The block needs to be at a much higher level than that. Block the entire demand source (e.g. DSP) until they clean up their act. Yes this has revenue impact but we should treat our users the way we like to be treated. Otherwise they’ll just install an ad blocker or stop coming to our site.


Well said and great work around. Definitely keeping Sovrn ads in iFrames moving forward.


While we appreciate our Publishing Community offering work arounds to the redirect problem, since we have not tested this solution internally, we Sovrn cannot endorse this method. If anyone uses this code, it is at their own risk and we do not encourage it. Please reach out to https://www.sovrn.com/support/ if you are interested in our applicable solutions. Thank you!


I’ve been seeing this more and more on my site. I just had an issue where it redirected me to another site, and made my phone vibrate like a phone call was coming in. When I hit back it took me to another scam page. It didn’t matter how many times I hit back, I couldn’t get back to my website! What a frustrating experience!


I have been dealing with this all weekend too. It seems to happen to my sites mostly on the weekends when people at Sovrn are not available. When you run 3-4 ad networks on your site it is a PITA when you have to figure out where the popups are coming from, about 90% of the time they are coming from here.

Very frustrated…


Did you try iframe solution shared earlier?


I tried but couldnt get it to work on my site.



Thank you again for contributing to the conversation.

In addition to the solutions that we have discussed previously, we are also looking into some preventative coding options in order to not allow redirects via our tags. Thank you for your patience and perseverance while we try and solve these issues. We will update everyone as these new solutions come to fruition.

In the meantime, if anyone else is still experiencing the redirects, please email contact us at https://www.sovrn.com/support/

Thank you!