I have used a lot of ad networks over the years and they all have one thing in common - they all have at some point displayed dodgy ads on my sites that have hijacked my visitors or downloaded something without their knowledge. I used to report these ads to the networks and they would immediately deny it was them until I had to turn off all my ads to find out they WERE the culprit and then they would reluctantly say they will block them from displaying on my site again - which would only work for about a week. There are a lot of ad network owners that read this forum and I'm curious as to why they are so slow in stamping on these advertisers. Is it because they pay well? I complained to Smowtion once and they said that my traffic was so small that if they blocked the advertisers I reported I would have no ads to display!
Hey. I am Tomasz, the owner of PopAds.net advertising network. I can't speak for the adnetworks you have worked with, but I can try to show more or less how it works from adnetwork's side. I understand that by these automatic downloads you mean exploits/malware. It is a large problem in the industry and to be honest, there is no good solution. These people who buy traffic to pages with malware can earn insane profits(like they spend $2 CPM and they earn $50 CPM back). They are quite smart and they will do anything to get their ads running. First of all, they always buy traffic to legit pages before adding the exploit part. So reviewing the banner or landing page before does not solve the problem. They use stolen identities(including passport scans if anyone asks). And finally, even if you catch them - you can't do anything. They use hacked computers as proxy, so you can't figure out their real IP. Even if you do, they usually come from countries in which they will not be prosecuted anyway(Russia, Ukraine). Two times, when we had suspicious customers, I asked them to do a verification call with me(at that point I knew that asking for a passport scan is worthless). They actually paid some people in US to talk with me. Obviously, the people I was talking with knew nothing about online advertising and couldn't answer any of my questions except for like one learned sentence that they wanted to have their account activated. As for solutions - there are some commercial solutions that focus on scanning landing pages. In theory it is a good idea. In reality, a terrible one - these scanners will still use a datacenter IP pool and with a $5 a month database from Maxmind, a malvertiser can detect it is a scanner and not load the exploit. I actually asked a provider of one of these commercial solutions about this and I was told that they "randomize" the IP from which they do checks. For anyone who knows how TCP works, it is clearly a lie We have came up with a number of solutions at PopAds that instead of focusing on the landing page itself, verify how real the profile is as well as what might be the customer's business model. If the business model is very unclear(ie. the campaign cannot be profitable), it is something very very fishy. By verifying if profile is real, we look for any irregularities(for example, there are not many people named let's say Johnson in Poland - that's something that might rise a red flag*). *it is not exactly what we do, but I can't provide any real examples