Due to an increase in traffic I thought I would experiment with new advertising options on one of my websites this past week and was shocked at how many ad networks were triggering blocks by my MalwareBytes anti-malware software. The two main ones were Adsterra and Clickadu, but I also had a limited issue with Ad-Maven. A little research led me to conclude that the first two networks should probably be avoided for now while the third is still surprising.
Adsterra
Adsterra is a fairly well known alternative to Google Adsense that has been around for a few years now. As such, I was happy to learn that my application had been accepted and that I was able to try running their ads on my site. Unfortunately, that happiness was short lived because the first time I tried to view a page running their ads in my browser, my Malwarebytes would not load their ads. These were native content ads. You know, the ones that look like articles but are really advertisements or "sponsored" listings. At first I thought it might be due to one of the ads or a site one of them linked to being malicious, but I realized it was the URL of the Adsterra server itself being blocked pl15333384.passtechusa.com and even after I added an exception for that server, I found specific ads of theirs being blocked as well. I emailed Adsterra informing them that I could not run their ads as long as MalwareBytes flags them. That is because I don't want my users infected with malware, I don't want potential users scared off by malware warnings, and I want ads that people will still see if they decide to stay on the site despite the warning.
Adsterra responded by saying "Hello, Our domain is recognized as safe by many antivirus programs. Unfortunately, there are several antivirus programs who consider our domain to be potentially unsafe. We are aware of this fact and we are negotiating with their representatives to fix this issues. http://joxi.ru/brR09vqUYkLW82 Regards, Adsterra."
They also asked for a screenshot and I responded by telling them that their form does not allow screenshots to be uploaded and they send me a link to some Russian website for sharing pictures saying I could try that one. Now sure, they could be the victims of malware attacks by malicious hackers exploiting their network to get at their users' computers. That has happened to other ad networks. Then again, when I did a Google search for "Adsterra Malware" I found stories from recent years alleging that they are linked to a notorious malware maker known as Master134. I know that a lot of complaints like that are planted by competitors, so I don't take them too seriously. Unfortunately, I am not comfortable using a network that gives me MalwareBytes warnings even if the warnings are not their fault.
Clickadu
So, I moved on to Clickadu and got malware warnings from their scripts also. Clickadu was offering a variety of ad formats mostly in the form of popunders or push notifications. Popunders of course being those ads that open in a new tab and push being those ads that ask you if you want to receive updates from the website. People usually close the new tabs and refuse to let the push send them notifications. If they do agree to the push update it is usually because they think it will give them updates from the website, but instead the ad network spams them with ads. Like Adsterra, Clickadu code automatically triggered MalwareBytes warnings, so I removed it and moved on. Google searches for "Clickadu Malware" tend to show a lot of malware allegations against Clickadu, but remember that competitors plant stuff like that and just about every ad network worth targeting is targeted by hackers looking for ways to use it to spread malware, so they could have just had some bad luck.
I sent an email to my account manager evjennia a.k.a. Jenny at Clickadu informing her that I could not run their ads due to malware warnings. I had previously received an email from "Jenny" with the following signature:
Jenny Clickadu
Publisher Account Manager
skype: live:evjennia
telegram: JennyMz
icq: 714038583
What I got back was a message from billing saying my account had been rejected for not giving them my financial information. This is suspicious since most ad networks don't require you to give them any financial information at all until you reach their minimum payment threshold. The email I received from billing read in part "The personal information provided by you lack credibility or suspicious. Withdraw funds feature is unavailable to you.To unlock funds withdrawal please provide correct personal data." Now, granted they are based in the Czech Republic so English is their second language, but they should be able to do better than that. It seems they are not interested in doing business with anyone that knows about their malware issues unless that person is willing to give them a bunch of personal financial information.
Ad Maven
At that point I was done trying new ad networks, so I thought I would start using Ad Maven again. In the past I had run their VPN banners and push notifications without problems, so I thought I would try their popunders, but to my surprise their popunder script also triggered a MalwareBytes warning. This got me thinking that maybe MalwareBytes is just sensitive to pop ads? User's hate them after all and using them is a cheap way to force them to look at advertising. Pop ads should only be used as a last resort. Push notifications are basically the same way but slightly less intrusive unless you are stupid enough to agree to the notifications. The internet is full of stories accusing Ad Maven of malware, but those too tend to be hosted on sites that target Google searches for "ad network name malware" or could easily be the work of competitors.
Conclusion
Is MalwareBytes hypersensitive to pop ads? I'm done trying to figure that out for now. Fortunately, an ad network running the type of native ads I was looking for approved my application and I never got any malware warnings from their scripts, so I will be using them for now.
*In the following video Clickadu advertises their Anti-Adblock solutions. This is a red flag to me that could explain the malvertising warning from MalwareBytes. Anti-Adblock is what it sounds like. It is an effort to serve ads in a way that ad blocker can't block.