Spyware Sucks

The site referrer report for this blog has revealed reports of malicious banner advertisements appearing on not only classmates.com, but also the StarTribune National News site, cincinnati.com, news.enquirer.com, NYPost and cincymoms.com (and who knows how many more).

I'm seeing a common theme in many recent outbreaks - far too often victim web sites are managing their own advertising content and, when this happens, the advertising network that the website is using is unable to shut down a malicious campaign, instead having to wait until the victim site shuts down the malvertisement at their own behest.

This is a situation that requires discussion and thought.  For example, is it acceptable for an advertising network to be in a situation where their software or infrastructure is being used to distribute malvertisements, yet be unable to remove the malvertisements because they don't have primary control?

I remember back when blich.ch was hit by the skyauction malvertisement, it was nine.ch that was in the hotseat.  Eventually nine.ch "firewalled" the malicious advertisement but in the interim who knows how many thousands, or tens of thousands, of people were exposed to a malvertisement which we knew was there, but were unable to immediately shut down.

cite:  http://msmvps.com/blogs/spywaresucks/archive/2008/01/09/1450217.aspx

My personal opinion is that advertising networks must maintain the right to immediately block malicious advertising content as soon as it is reported to them, because it is of critical importance that malvertisements as shut down as soon as possible.  Far too often I have seen delays of hours, days or even weeks while advertising networks try to contact website administrators, or convince recalcitrant administrators to act.

Your thoughts?