I received an email today advising me that I have been awarded Microsoft MVP status for the 11th time.
Unlike my previous 10 awards, this time I have been awarded Microsoft MVP under the specialty “Consumer Security: Training” instead of as an Internet Explorer MVP. I think that is perfectly appropriate; for years I have focused on Consumer Security from the perspective of an Internet Explorer user, but in recent years my focus has moved to studying malvertizing – what it is, how it works, and who is behind it – and, most importantly, sharing and passing on that knowledge and advising advertising networks and web site owners on how to best avoid the miscreants behind malicious advertising.
Avoiding the bad guys is NOT easy, and is getting harder all the time. As the Internet Community as a whole has become more aware, and as people as myself have put so much time and effort into educating the community, the bad guys have had to match our efforts and become sneakier. The impersonation of legitimate companies has become more common; malicious SWF advertisements seem to be falling out of favor as we get better at detecting them, and the bad guys no longer dump all of their eggs in the one basket.
The most important thing that any of us can do is complete comprehensive reputational research and background checks into any new advertiser/partner/client. And, don’t take what is on those credit reference forms at face value. Double check that the phone number supplied for the credit reference matches the company that he or she claims to work for. If approached by a well known company, make sure that the domain being used actually belongs to that company.
If you are approached by a well known company, put the attraction of money aside and ask yourself why they would want to advertise with you, and be honest with yourself in your answers. Do you attract enough traffic to make it worth their while? Are you well known enough? Is your target audience appropriate to what they are selling? Is there a sense of urgency to the sale? Are they contacting you at unusual times of the day or night? Are they reluctant to speak by telephone? Does an answering machine pick up too often?
A good reputation is hard won, and easily lost, and the negative press caused by a malvertizing incident does not go away. Your web site may be blocked by the various web reputation services that are available nowadays. Google may block access to your site via web searches. Eventually there may be a noticeable reduction in advertising income if your visitors take it upon themselves to block all advertising for their own protection, or they may become angry or frustrated and stop visiting at all, especially if there is more than one malvertizing incident.
Finally – train your staff. Make www.anti-malvertising.com required reading and DO WHAT IS SUGGESTED. If, despite your best efforts, you receive reports of problems from your visitors, DO NOT assume that your visitor is blaming you unfairly, or that there may be a problem with their computer. Take *all* reports seriously, and ASK FOR HELP. It is unlikely that your visitors will be sophisticated enough to be able to gather the evidence you need on their own, and the bad guys are very good at hiding their activities from you using various tricks.
And keep reading this blog :)