TMT (The Media Trust) MALWARE INCIDENT TYPES
- October 15 2020
Definitions
This section defines key concepts referenced throughout the documentation. In some cases, organizations may use the terms below with slightly different connotations, so the purpose of the definitions below is to clarify what those terms should be understood to mean in the context of this documentation.
Incident
The incidence of a combination of possible traits (domain, creative, malware, method/nature of the attack, etc.) detected during a scan. Incidents are not client-specific and serve as a means of tracking outbreaks across all of TMT’s clients to facilitate preemptive actions. The specific behavior of an incident may be, and usually is, observed across multiple tags.
Alert
An event associated with the first detection of an incident. The alert will include a list of the tag(s) affected by that incident at the time of detection. Note, however, that after an alert is issued, additional tags may be found to exhibit the behavior characterizing the incident, without raising an alert. Alerts serve to inform clients that 1 or more of their tags have been affected by an incident for the first time.
Notification
An event associated with the first detection of an incident affecting a previously unaffected tag.
Creative
Refers to a visual (image, video) or, less frequently, audible feature that is presented to the user upon opening a page with a tag. It is not uncommon for a single tag to reveal more than one creative, in different impressions or even within the same rendering. In addition to the main creative, a tag may also reveal small artifacts, typically 1x1 transparent GIF images, used primarily for tracking impressions.
Landing Page
A web page to which the user is redirected after interacting with (typically clicking) an element in a tag. Note that it is possible for an intrinsically benign tag to redirect to a page with malicious content.
MALWARE INCIDENT TYPES
The Media Trust detects a wide variety of behaviors that are considered undesirable. The following are the current types of Malware Incidents, each with its equivalent legacy name.
The affected host/domain directly delivered or was an active party in the delivery of a malicious payload.
Known to trigger malicious pop-ups for mobile and desktop users. The pop-up content may include browser hijacks, fake virus warnings and phishing content.
Malicious – Imminent (Suspected)
TMT has detected indicators that the affected host/domain will directly participate in the delivery of a malicious payload but has not yet been directly observed doing so by TMT.
Reserved for conveying important information about the incident or affected host/domain.
Characteristics of Click or Impression fraud have been detected.
App Store Redirect (Out of Browser Redirect)
Known to trigger an auto-redirect that takes a mobile user out of an app or browser. In some scans where this type of incident has been found, a redirect was not triggered; however, all of the markers of the offense or nefarious actor were found.
Malicious Landing Location (Malicious Landing Location)
A malicious delivery mechanism or malicious payload has been detected on the landing page (the URL the user is directed to upon clicking the ad) associated with the creative returned by the affected tag.
Correction to a previous status assigned by TMT or to an external third party’s notification/flag regarding the affected host/domain.
TMT is no longer detecting indicators of malicious or suspicious behavior stemming from the affected host/domain.