Do NOT open the link at that thread, because the guy who wrote that theory (NOT the OP) is a former poster her, and his site is full of malware. If you want to read it, google it and read the cached version.
How long have these problems been going on with this ad provider? At what point do the admins say, “Fix it or we’re dumping you.”?
The problems have been intermittent and, till now, generally short-lived. The last outbreak before this was in August. I’ve spoken with Rubicon about ad-borne malware and have forwarded complaints to them. They’ve responded promptly in all cases and say they’re attempting to identify the offending advertiser, so far without success. The problem is the needle-in-a-haystack nature of the search. Rubicon operates what is basically an ad distribution engine and has partnerships with some 600 ad networks, each of which has its own clientele of advertisers and ad agencies. In short, there are thousands of players funneling content into the system.
Rubicon has safeguards in place to detect rogue ads, but the bad guys are constantly seeking ways to evade these and on occasion stuff gets through. Rubicon is a reputable firm and we’ve had a good relationship with them; the revenue they provide is our principal source of income. Malware is a chronic problem on the net and we have no reason to think a different provider would do better. I assure you we take malware reports seriously and I have every indication Rubicon does so as well. It has taken longer than expected to get to the bottom of this latest eruption but I remain hopeful that we’ll do so soon. In the meantime I ask your patience.
Just had a page here automatically forward the browser window to:
http://kklcg.viverprotect28.com/?id=2003&sz=6ae630e3a&vb=1&s=1
Which did nothing, perhaps because someone else already shut the malware down there, because my Mac wouldn’t accept whatever the site was trying to download/reforward, or because the site is doing something else (counting successful referrals to implement some new strategy?)
If the advertiser who placed the ad with whomever served it up had some useful ID tag in it perhaps the URL has info that will help track it down faster.
See? 
Nice editing/hatchet job. :mad:
I investigated the malware inside a VMWare machine. The malware comes from this link (broken intentionally) http:// checkwinonline.com/fps/q=jy7lno3o
Checkwinonline redirects to viverprotect30.com in my case. The site displays a popup via JavaScript which says: “AV8 has found suspicious activity on your pc and will perform some action on your pc.” It does fake virus scan, displays a fake Windows Security Alert, and then downloads a variant of Win32/Kryptik.IMZ trojan:
http:// 24b11615.viverprotect30.com/load/secure_2003-1_brs5.exe
I suspect that the “brainpower of the Doper community” has led most of them to install AdBlock Plus or something similar on their machine. So most of us never even see these ads, and malware in the ads never has a chance to infect our machine.
Thus most of us would say ‘install AdBlock, and the problem will go away’, rather than send our ‘brainpower’ tilting at the windmill of trying to track down malware sites. Many of us have dealt with relatives or friends who won’t use anti-virus software (too much work/too annoying), but then are frequently asking for help in disinfecting their machine.
I can’t help but wonder if this isn’t part of the problem: since Rubicon is essentially acting as a middleman for 600 (!) other ad networks, they’re going to have a fairly limited ability to fight malware coming from any given network. They may also have limited interest in doing so, if they make more money serving those ads than they lose customers from them.
Have you guys ever tried using Google Adsense to serve up your image ads? I’d imagine they pay a lot better than the text-only ads, although I don’t know if they’d be comparable to what you’re making now with Rubicon. It might be worth at least a test run, though – I’d certainly have a lot more faith in Google’s ability to detect and stop malware than Rubicon’s.
It’s also worth considering the longer-term risks of Rubicon – if we keep infecting computers we’re eventually going to start ending up on the large workplace filters’ blacklists, which is going to impact both paid members and guests alike, not to mention sending traffic and thus ad revenue through the floor.
Tongue in cheek, hence the happy face.
Hit me Sunday 11-28-10 at about 10:30 pm. I got the fake AV8 screen.
While this is true in general, I note that this is the only site I’ve seen that has this particular problem. Most of these places use Google Adsense.
And, yes, Google’s back on my good side since they admitted that should have contacted TVTropes before pulling the ads. That’s all I was asking.
Ed, no offense, honestly, but I haven’t ever seen this problem at any other message board I visit that has ads. Rubicon has proven to be unreliable – why not just try out another ad provider? (Google, as suggested)
You know what they say about doing the same thing over and over and expecting a different response?
(In the mean time people, if you’re not on a public computer - AD BLOCK PLUS!!!)
Running the ads through computers with web browsers would most certainly catch all the rogue ads. :smack:
Rubicon tech support informs me they’ve pulled some suspicious tags but are uncertain if these were the root cause of the malware problems. They said it would be helpful if users who have experienced problems in the past would volunteer to install software that records ad calls for later inspection. One such program is Firebug, an add-on for Firefox. One user has already been kind enough to do this. If you got a questionable virus alert or the like you would then save the HTML for the page for review. This will make it easier to identify bad ads.
You have had a good relationship with them. Your users haven’t. And I’d argue that your relationship with them isn’t all that good if they expect to shrug and say “yeah, we think we found it” and then ask your users to install debugging tools in order to make it easier to report the malware that will inevitably slip through in the future.
You say you don’t think a different ad provider would be any different. Have any of these malware reports been narrowed down to the Google ads?
This is embarrassing. I have suggested the SDMB to friends in the past but am no longer going to do so until this problem is fixed. I don’t want to be even indirectly responsible for someone getting hit with malware. And yes, I participate at several other message boards, some largeish, all ad-supported, and the SDMB is the only one that has this problem.
Another issue is the lack of a solution is encouraging people to simply block ads, which cuts down on your income. I realize that only a very small percentage of the “guests” probably use ad blockers, but it has been suggested several times, so people will eventually take the hint.
By the way, why is a rubiconproject script (http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js?pc=7184/13018 in my case) being run even for members?
You wouldn’t have to remove rubicon right away if you want to experiment with Google. But I’ll point out that it generated so much revenue for TVTropes that the loss of it was nearly fatal (even if they downplayed it.)