Memorial Day Weekend 2019 - The Unofficial Start of the Ad Hacking Summer


While many Americans enjoyed a holiday weekend, ad hackers were hard at work.

Analyzing a sample of DEVCON platform data, our research shows that programmatic ad exploits were in overdrive during the extended Memorial Day weekend.

The highest volume attack days were Saturday (5/25) and Sunday (5/26). Overall, attack volume was up 64% from the weekend before.

(NOTE: DEVCON monitors for a wide variety of sketchy traffic, including suspicious data tracking and offensive ad content. This data is sampled from malicious ad scripts specifically - pop-up ads that hijack browsers and often include scam offers to exploit users.)

Trends in blocked malicious advertising from an average daily sample of 60M monitored impressions during the middle of May, 2019

Trends in blocked malicious advertising from an average daily sample of 60M monitored impressions during the middle of May, 2019

This isn’t just a matter of more traffic during a holiday - the share of exploits tripled during Memorial Day weekend. Users were three times more likely to encounter one of these malicious ads between May 24th and May 27th than the previous weekend.


Among the exploits with surges in volume were three major frontrunners. In the lead was a relative newcomer called Bentonvillain 0.1, which takes over a browser with an offer for a gift card to a discount retailer. This exploit accounted for almost half of the overall increase in attack volume. Several varieties of the Lucky Star forced redirect exploit combined for the number two slot, with 25% of the increased volume. In third place with 17% was Avid Diva 0.4 - another evolving forced redirect exploit . Almost 10% of the weekend uptick was classified as Emerging Threats. These exploits have enough commonalities that DEVCON cybersecurity experts can begin blocking them, but research (and clever naming) had not yet completed at the time of sampling the data.

Do holidays make us vulnerable?

DEVCON staffers were ready for the surge. On Friday afternoon, CTO Josh Summitt posted in the company’s emerging threat slack channel to “…be on high alert. Holiday weekends are the worst.”

(At the time of this post, research was not yet complete on why Josh received only three thumbs up.)

(At the time of this post, research was not yet complete on why Josh received only three thumbs up.)

Experts have many theories for why these bad actors are more aggressive during holidays.

Mishunda Mathis, DEVCON’s Senior Director of Risk and Revenue, thinks that ad hackers could be behaving like legitimate advertisers. “It may be a kind of behavioral targeting,” she speculates. “People in holiday party mode are less likely to be vigilant about the things they click on and may even be more likely to respond to a gift card scam if they have holiday sales in mind.” There may also be another kind of targeting at work, directed not at the end customer but at the people running sites and networks. If operations staffing is diminished during holidays, websites and their network partners are less equipped to react to bad stuff showing up - leaving the door open just a little wider for bad actors to sneak in.

Bad ads ruin more than just holiday fun.

When you get one of these malicious advertisements, your reactions may vary. Many users simply find them to be frustrating annoyances - while others feel it reflects on the quality of the sites they visit. If even a small fraction of those users avoid the site in the future, the lost revenue associated with the bad ad can compound. DEVCON research shows the combination of lost impressions, increased operational cost, and lost frustrated audiences can cost an average media site 30% of its monthly programmatic ad revenue. (You can see the impact to your site using our Bad Ads Calculator.) So in addition to hurting user experience and spoiling your ops team’s holiday, these increased attacks can have a real impact to your balance sheet.

Whatever the reason, digital criminals don’t take the same holidays as the rest of us. DEVCON’s page level protection can keep your site free of these malicious ads - and all sorts of other risky content - whether you’re working hard at your desk or at your backyard grill. Our team celebrates when we hear from clients like Aaron, who sent us this email on Tuesday: "I was pleasantly surprised Memorial Day was as quiet as it was. Thanks for all you do."

If you’re already a DEVCON customer, log in to see how your site was impacted over Memorial Day. If you’re struggling to keep up with bad ads during holidays - we can help. Sign up now and try our solutions for free.

ad fraud, MalwareAndy Kahl