First thing Monday morning, it was brought to our attention by a former Head of Privacy at Microsoft, and former TRUSTe Board Member, Richard Purcell, that the AdVantage software application, was serving malicious advertising. By Tuesday morning, Sandi Hardmeier, TRUSTe’s Online Compliance Researcher, was able to confirm and reproduce the malicious ads and by Tuesday afternoon, a Suspension Letter was issued. Our focus now turns to the security and control mechanisms that Vomba will need to remain in the program.
Research confirmed that an ad displayed by AdVantage contained a script that opened a web page containing another script that checked the date, time and regional settings of the user’s computer. This ultimately redirected some viewers to a web site that attempted to install fake anti-spyware software on the user’s machine via multiple dialog boxes, some without a cancel button, and dialog boxes that spawn other boxes upon the user’s attempt to close them.
Karl Bernard, Vomba’s President, responded immediately and removed the offending ads as soon as he was notified (well after business hours East Coast Time). He stated that the ads were served by a European ad agency named Byron Advertising. Furthermore, he believes that the ad in question was targeting users in New Zealand specifically. TRUSTe confirmed that users in the United Kingdom may also have been affected.
The ad campaign we discovered was clearly unacceptable, both to Vomba and TRUSTe. We will work collaboratively with Vomba during the suspension period to ensure a positive resolution and a more secure consumer experience. As we gain further insight into the vulnerabilities that allowed the campaign to slip through and the steps required to prevent a repeat incident, we will share key lessons learned with other participants to keep their ad serving systems secure.
- Posted by Irinia Doliov, Senior Product Manager for TDP