TMT(The Media Trust) MALWARE INCIDENT TYPES.
- October 15 2020
- 767 views
Definitions
This section defines key concepts referenced throughout the documentation. In some cases, organizations may use the terms below with slightly different connotations, so the purpose of the definitions below is to clarify what those terms should be understood to mean in the context of this documentation.Tag
Ad mark-up; this can be an individual URL, several lines of HTML or JavaScript, VAST XML. A Direct Tag typically results in the same Creative (see below) being revealed every time it is displayed, while a Rotating Tag typically reveals a different Creative from a set every time.Scan
An individual instance in which ad mark-up of a tag is rendered in a web browser; all JavaScript and rich-media elements are fully executed. The results of the scan are analyzed to determine if malware or other policy violations are present.Incident
The incidence of a combination of possible traits (domain, creative, malware, method/nature of the attack, etc.) detected during a scan. Incidents are not client-specific and serve as a means of tracking outbreaks across all of TMT’s clients to facilitate preemptive actions. The specific behavior of an incident may be observed, and usually is, over multiple tagsAlert
An event associated with the first detection of an incident. The alert will include a list of the tag(s) affected by that incident at the time of detection. Note, however, that after an alert is issued, additional tags may be found to exhibit the behavior characterizing the incident, without raising an alert. Alerts serve to inform clients that 1 or more of their tags have been affected by an incident for the first time.Notification
An event associated with the first detection of an incident affecting a previously unaffected tag.Creative
Refers to a visual (image, video) or, less frequently, audible, feature that is presented to the user upon opening a page with a tag. It is not uncommon for a single tag to reveal more than one creative, in different impressions or even within the same rendering. In addition to the main creative, a tag may also reveal small artifacts, typically 1x1 transparent GIF images, used primarily for tracking impressions.Landing Page
A web page to which the user is redirected after interacting (typically clicking) with an element in a tag. Note that it is possible for an intrinsically benign tag to redirect to a page with malicious content.MALWARE INCIDENT TYPES
The Media Trust detects a wide variety of behaviors that are considered undesirable. The following are the current types of Malware Incidents, with their equivalent legacy name.Malicious(Malicious/Popup)
The affected host/domain directly delivered or was an active party in the delivery of a malicious payload.
Known to trigger malicious pop ups for mobile and desktop users. The pop up content may include browser hijacks, fake virus warnings and phishing content.
Malicious – Imminent(Suspected)
TMT has detected indicators that the affected host/domain will directly participate in the delivery of a malicious payload but has not yet been directly observed doing so by TMT.
Scam/Fraud(Informational/Scam/Fraud)
Reserved for conveying important information about the incident or affected host/domain.
Characteristics of Click or Impression fraud have been detected.
App Store Redirect(Out of Browser Redirect)
Known to trigger an auto-redirect that takes a mobile user out of an app or browser. There will be scans where this type of incident has been found where a redirect was not triggered however all of the markers of the offense or nefarious actor have been found.
Malicious Landing Location(Malicious Landing Location)
A malicious delivery mechanism or malicious payload has been detected on the landing page (the URL the user is directed to upon clicking the ad) associated with the creative returned by the affected tag.
Resolved(False Positive/Resolved)
Correction to a previous status assigned by TMT or to an external third-party’s notification/flag regarding the affected host/domain.
TMT is no longer detecting indicators of malicious or suspicious behavior stemming from the affected host/domain.
Share this
- baidu
- weixin