Posts Tagged ‘REVV for publishers’

Aggressive Malware Attack Threatened 150 Publishers.

September 8th, 2011

John Clyman

Last week, in the early-morning hours, the Rubicon Project’s brand protection technology flagged an anomaly among a handful of the tens of thousands of ad tags we manage. After blocking those suspect tags to make sure they wouldn’t be permitted to serve on any sites, our analysis showed that they contained unusual code and would, under the right conditions, attempt to download Windows executable files — that is, not just images or animations or videos, but actual software programs.

Why would a display ad try to download a software program? Because it was being used as a vehicle for malicious advertising, or “malvertising,” which distributes dangerous software known as malware via an otherwise standard looking ad banner. But before the malicious ads could achieve their goal, REVV’s SiteScout malware protection technology prevented this malvertising attack from serving hundreds of thousands of impressions across more than 150 Websites while we got to the root of the issue.

How did we keep 150 publishers safe from a single, extremely prolific malware threat? SiteScout performs dynamic, behavioral scans of creative as they appear “in the wild” (on real websites, in real time). That means SiteScout actually renders ads in a browser, lets JavaScript and Flash execute, and generally behaves as a Website visitor would, in order to be exposed to the same threats as users would. This is proprietary technology that the Brand Protection & Security team at Rubicon manages and continually refines; we’re not relying on third-party security software, which may not be able to protect against the most dangerous kinds of threats, the so-called “zero-day” exploits that aren’t yet known to the anti-malware community.

Back to the story at hand: over the following days, SiteScout kept the affected ad tags — and indeed all ad tags from the affected ad network — in a quarantined state and continued its monitoring as more than three dozen of the tags began showing signs of infection. Some malvertising makes its presence obvious by popping up scary announcements proclaiming “Your computer is infected!” and demanding money for bogus “security” software. But this malware was invisible. Still, in our controlled malware-analysis environments, we could see it quietly worming its way onto machines. An ad would reach out to a server on a domain in India, download software that would superficially masquerade as an update to an Adobe product, and entrench itself on a target system.

So why do malware authors do this nasty stuff? Because if they can sneak a bit of unwanted code onto a computer, they can turn that computer into a virtual cash machine. In effect, the malware authors plant moles in PCs around the world. Their code can then do their bidding, whatever that may be on a given day, and users might never even be aware it’s there. Maybe the malware authors intend enlist the computers in a botnet that they can rent out to send spam or attack Web sites and extort ransom money to stop. Maybe their mothers didn’t give them enough positive reinforcement. Who knows — the possibilities are endless.

Here’s where it gets really scary. Neither the ad network nor the advertiser itself was acting maliciously. Instead, the ad network’s own servers had been hacked; the advertiser had no idea their otherwise high-quality ad creative had been hijacked. The malware authors managed to insert their unwanted code into ad tags, doubtless expecting that those tags would then serve on a wide swath of high-traffic Web sites. Except that SiteScout disabled the tags to prevent them from appearing on sites that rely on the REVV for publishers platform. Evildoers, foiled again.

How does an ad ops staff proactively monitor tens of thousands of tags running worldwide on a 24-by-7 basis for signs of invisible malware infections? They can’t. But with REVV, the first line of defense comes not from people but from our industrial-scale automated brand protection technology. It wasn’t people but technology that found those attacks in the middle of the night, because REVV has hundreds of machines continuously assessing tens of thousands of ad tags. Our platform performs upward of a million scans daily from dozens of geographic locations, and our technology carefully sifts the resulting data to identify any anomalous behavior — which in this case we observed from six locations in three countries (via our proxy system, which monitors traffic around the globe). When the automated system finds a suspect tag, it immediately shuts it off and shifts traffic to other tags, making sure that publishers continue to generate maximum revenue while remaining protected from threats. And when an incident occurs, REVV continues to monitor those disabled tags and our team works with affected ad networks to ensure that the problem gets corrected.

Although this incident was about malvertising, malicious ads are just one of the ad quality issues that our brand protection systems watch for on a continuous, automated basis. The systems also detect undesired behaviors like auto-play audio and unauthorized pop-ups — far more common than actual malvertising outbreaks, but still something that many publishers understandably object to and have set controls to prevent. And our creative harvesting systems, helix & VANTAGE, feed our crowd-sourced ad-classification engine, AdCheq, which identifies issues like potential channel conflicts and ad-quality guideline violations. We’re continually improving all these capabilities so REVV delivers a comprehensive, multi-layered approach to protecting publishers’ reputations, direct sales channels and the user experiences on their sites. I welcome feedback on what we can do to make them even better.

Beautiful Minds

March 25th, 2011

Devan Fearman

As you may have already read, we’ve hired three seasoned business leaders to join the Rubicon Project family: Nick Hulse, Bill Harries and Bill McHargue. As our focus and energy is being spent on growing our business from a great publisher product (yield optimization) to a great publisher platform, we’re certain these guys have the background and experience to help do just that.

We also made a few internal executive promotions. Company founder, Craig Roah, has been promoted to the role of President; Josh Wexler to Senior Vice President, Market Development; and Seizo Welch to Senior Vice President of Finance. These gentlemen have been instrumental in our growth and success to date. And now with a full team in place, our management team is completely supported – enabling them to focus on taking our company to great heights.

Needless to say, it’s an exciting time to be at the Rubicon Project. And before we throw Nick, Bill Harries and Bill McHargue into the thick of things, we wanted to hear why they decided to join the Rubicon Project family. Here is what they had to say:

Bill Harries: “The Rubicon Project is a great example of how the advances in internet technology over the last 15 years is making possible revolutionary changes in the way technology can be applied to today’s business problems.  Matching online advertising inventory with the buyers that want to buy that inventory is screaming for automation.  Applying technology to this problem lets us maximize the revenue for the publishers while protecting their brand, increase the effectiveness of the advertising dollars spent, all the while saving time and effort for all concerned in the process.  These types of innovations represent the future of information technology and it makes Rubicon an exciting place to be.”

Bill McHargue: “I decided to join the Rubicon Project because the company scored off the charts relative to three main decision criteria. 1) People. Its not often you find companies after the initial start up years and such hyper growth, including 3 acquisitions, a company that can maintain a great culture. The people at the Rubicon Project are the best in the advertising technology space. People with passion build great companies. 2) Product. Personally, Sales is no where without a rock-solid product. The Rubicon Project pioneered the space of yield optimization and REVV continues to be the world’s largest market place for buying and selling advertising across the Internet. The company’s milestones of achievement speak volumes to both our customers and our dedicated work force.  3). Opportunity. The company’s road map and vision for the future are truly exciting. The path ahead of us is remarkable and I am fortunate to be a part of the team to help realize those goals.”

And as Nick shared with us in the press release: “I am delighted to be joining the Rubicon Project team. I come to this role with a deep appreciation of the work that the team has done to evolve the company into a market leader and I’m truly excited to be part of an organization that has a very promising future. I will be focused on enhancing an already customer-centric organization with a strategy for increased support, service and innovation for our premium publishers, enabling them to grow their businesses as a result of using the REVV platform.”

Welcome aboard, guys!

Optimizing for 2011

November 19th, 2010

Devan Fearman

What a year it’s been, both here at the Rubicon Project and across our industry. As we witnessed among publishers leveraging the REVV platform and recorded in a few of our past market reports – the industry has continued to see growth in advertising spend throughout the year.  In Q2 alone, the Rubicon 20 Index, a measure of performance across a number of factors (including CPM, revenue and traffic volume) on a roster of twenty of the Web’s most heavily-trafficked properties, rose 47 percent  since the start of 2010.  And this trend has been echoed by numerous industry research firms. The Interactive Advertising Bureau (IAB) recently released a report with PriceWaterhouseCoopers, finding ad revenues up by 17 percent in Q3, reaching $6.4 billion.

Looking ahead to 2011, eMarketer predicts total U.S. online ad spend will reach $27.2 billion, which is no surprise. With the market innovations we and our industry peers continue to deliver to the industry, we firmly believe that overall display market is becoming more efficient and effective. As such, we expect marketers to continue to drive more dollars toward display advertising in order to reach hundreds of millions of consumers around the world.

That said, factors both new and old will affect Q1 spend. Historically, seasonal market factors influence online advertising revenue most significantly between Q4 & Q1 as holiday campaigns close out, budgets for the New Year take time to ramp up and the overall market tends to drop in January. We anticipate this will be true again in 2011.

There are certainly economic factors that will impact online advertising revenue in Q1, and while we’re optimistic, we can’t pretend to know exactly what’s coming. Between our strong partnerships and direct access to over 600 ad networks, exchanges and DSPs that access audience and inventory through the REVV Marketplace, we know many advertisers have not yet set their Q1 budgets for 2011 – potentially slowing already reduced first quarter spending.

On the flip side, reports continue to suggest that brands are moving dollars away from traditional media and onto the more measurable online access points to publisher inventory, including real-time bidding (RTB). For these reasons, no one knows what kind of impact we may see in Q1. The number of demand partners in the marketplace has nearly doubled year over year, which could also make the seasonal Q1 decline less impactful. All those variables aside, it is possible that in the early part of the quarter some publishers will experience diminished fill rates and CPM rate drops. In years past, an upward tick begins midway through the quarter; the same will likely be true in 2011.

As a partner to more than 350 premium publishers and the developer of REVV, the technology platform that powers the largest display ad marketplace in the world, the Rubicon Project is taking steps to ensure continued revenue growth for publishers in the new year. Through the REVV Marketplace, premium publishers are exposed to the maximum number of demand channels possible – which will help drive higher revenue. And different from previous years, publishers may also minimize the seasonal impact of Q1 by  leveraging Protected RTB™ 1.1 technology as an additional demand channel.

The graph below expresses, with 2.5 years of historical pricing data captured through the REVV Yield Optimization platform, the seasonal impacts of CPMs throughout the year. All variables remaining constant (traffic fluctuations, user session length, RTB, ad types and sizes, advertiser block lists, geography and other macro-economic variables) January is clearly the lowest paying month of the year trending upward for the remainder of the year and ending on a high note in December with CPM’s at 53% higher than January. Additionally, while ad spend is lower at the beginning of each quarter, there is consistent upward pressure driving CPMs higher quarter over quarter.