Tips For Publishers

All web publishers are potential targets for malware authors attempting to spread their software by hiding malicious code within an ad's SWF (Flash) file, GIF file or landing page. If an advertiser or agency provides you with an infected ad, your computer and personal information—and that of your site's visitors—can be exposed to serious harm. We recommend the following measures to help you protect your inventory and your site's users.

CAUTION: Viewing an infected ad while investigating it can put your computer at risk. Below, we suggest using alternate means that can help you review potentially malicious ads more safely.

1) Pay close attention to all agencies and advertisers with whom you work

Perform due diligence by thoroughly checking prospective partners' references and credentials
  • Research the domains of ads' clickthrough URLs, as well as the domains for advertisers' and agencies' companies, before allowing their content onto your site or network. If your background check on a prospective partner or domain turns up anything suspicious, we recommend you take a much closer look at the agency, advertiser or network in question before accepting their ad.
Educate your team to recognize suspicious behaviors
  • Remind your sales team to be especially wary of relatively new clients who place last-minute orders or request to pay by credit card or wire transfer rather than through invoicing. Always check to confirm that prospective partners' contact information matches their billing information.
  • Be wary of advertisers who contact your team at unusual hours (inconsistent with the time zone of the location specified in their contact information).
  • Exercise particular caution at the end of the work-week and before holidays, since malicious parties will often attempt to launch a malicious ad when they expect fewer teams to be on-call to identify and disable it promptly. 
Consider instituting policy changes that could help protect your site
  • Consider requiring new customers to pre-pay in full for smaller orders (under several thousand dollars) and provide a significant down payment for larger orders. In some malvertising attempts, the malicious party will fail to pay their bill, and requiring payment up front can make your site a less attractive target.
2) Perform comprehensive QA on all ad creatives
  • Instead of navigating directly to an HTML ad's URL to see if it appears suspicious, investigate the URL's domain by examining its WHOIS information (available at sites such as
  • Don't open a .swf file yourself; use a protected system such as Wepawet to check it.
  • Carefully inspect all iframes and redirects, which are sometimes used to distribute malicious code. The domains associated with any creatives containing iframes should be researched especially carefully. Additionally, since a 3rd party controls the content of the iframe, it may be harmless to start with and become malicious at some point in the future at the discretion of the 3rd party. You can learn more about the risks associated with iframes and multiple redirects at
  • Visit sites such as and to scan Flash, JavaScript, and PDF files before allowing them to run. (Please keep in mind that Google has no connection with these sites or scanning tools and cannot guarantee their effectiveness.) 
  • Test each core creative and all files the creative’s code invokes. Use an SWF-to-XML converter (for example, to detect references made from each SWF file. If the converter fails with an error, treat the creative with suspicion.
  • Treat any creative that contains encrypted code with suspicion.
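
The iframe and redirect inspection described in this section can be done statically, without opening the creative in a browser. The following is an added example, not part of the original tips: it lists every domain an HTML creative references and flags those reached through an iframe or a meta-refresh redirect, so they can be researched first. The function names are hypothetical, and the sample markup and its domains are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs through which a creative loads or links to other content.
URL_ATTRS = {("iframe", "src"), ("script", "src"), ("embed", "src"),
             ("object", "data"), ("img", "src"), ("a", "href"), ("param", "value")}

class CreativeAuditor(HTMLParser):
    """Collects (kind, url) references from ad markup without rendering it."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        # <meta http-equiv="refresh" content="0; url=..."> is a redirect.
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", attrs.get("content", ""), re.I)
            if m:
                self.refs.append(("meta-refresh", m.group(1).strip()))
        for name, value in attrs.items():
            if (tag, name) in URL_ATTRS and "//" in value:
                self.refs.append((tag, value.strip()))

def audit_creative(html):
    """Return {domain: sorted reference kinds} for every external URL found."""
    parser = CreativeAuditor()
    parser.feed(html)
    report = {}
    for kind, url in parser.refs:
        # Protocol-relative URLs (//host/path) need a scheme before parsing.
        host = urlparse(url if "://" in url else "http:" + url).hostname
        if host:
            report.setdefault(host.lower(), set()).add(kind)
    return {domain: sorted(kinds) for domain, kinds in report.items()}

def needs_close_review(report):
    """Domains reached through an iframe or a redirect."""
    return sorted(d for d, k in report.items() if {"iframe", "meta-refresh"} & set(k))

# Constructed sample creative; every domain below is a placeholder.
SAMPLE = """
<a href="http://advertiser.example/landing"><img src="http://cdn.example/banner.gif"></a>
<iframe src="//frames.example/slot?id=1" width="1" height="1"></iframe>
<meta http-equiv="refresh" content="0; URL=http://hop.example/r">
<embed src="http://cdn.example/ad.swf">
"""
if __name__ == "__main__":
    print(audit_creative(SAMPLE), needs_close_review(audit_creative(SAMPLE)))
```

This only sees references written into the markup itself; URLs assembled by script at run time will not appear, which is one more reason to treat obscured code with suspicion.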
3) Protect your own computer and website from infection
4) Require all partners to uphold safe standards
  • Be aware that various ad networks and exchanges may have significantly different standards for the prevention and detection of malware. No automatic detection system, however robust, can substitute for your own vigilance. However, we strongly advise against exposing your site to harm by using networks or exchanges without strong anti-malware security measures in place.
  • Require all ad networks and ad exchanges with which you work to take affirmative steps to prevent the spread of malware within their systems. For example, if an ad network or ad exchange allows you to control which advertisers and agencies can purchase your inventory, take advantage of this ability. 
5) Learn more about malvertising