Don Marti

Sat 18 Apr 2015 07:57:06 AM PDT

The end of Please Turn Off Your Ad Blocker

More news from the ongoing malvertising outbreak.

Laurie Sullivan: Google DoubleClick Network Hit With More Malvertising.
maartenvdantzig: Liveblog: Malvertising from Google advertisements via possibly compromised reseller
Malwarebytes: Booby-trapped Hugo Boss Advert Spreads Cryptowall Ransomware

These aren't skeevy ads on low-reputation pirate sites. These attacks are coming in on big-budget sites such as AOL's Huffington Post, and included in fake ads for real brands such as Hugo Boss. They're using A-list adtech companies. Read the articles. Nasty stuff. The ongoing web ad fraud problem is hitting users now, not just advertisers.

So far the response from the ad networks has been a few whacks at the problem accounts. So I can make the safest kind of prediction: someone made money doing something not very risky, not much has changed, so they'll do it again and others will copy them. Want to bet against me?

Users already trust web ads less than any other ad medium. Malvertising takes a form of advertising that's a bad deal for the user and makes it worse. (If sewer rats are coming out of the commode, users are going to put a brick on the lid. If the rats have rabies, make that two bricks.)

The more malvertising that comes along, the more that the "please turn off your ad blocker" message on web sites is going to look not just silly, but irresponsible or just plain scary. "Turn off your ad blocker" sounds like the web version of "If you can't open lottery-winner-wire-transfer.zip, turn off your antivirus."

Time to rewrite the "turn off your ad blocker" messages and talk about a sensible alternative. Instead of running a general ad blocker (and encouraging the "acceptable ads" racket) or running entirely unprotected, the hard part is just starting: how to educate users about third-party content protection that works for everyone: users, sites, and responsible advertisers.