While a very rare event, as part of our service level agreement, if a publisher reports an urgent advertising malware incident, SquareOffs follows this 7-step workflow to ensure quick containment and resolution:
Publisher Reports Incident (via phone, email, or ticket).
Ad Operations Triage: Assess severity, pause affected campaigns.
Containment Actions: Block malicious creatives, sources, or campaigns.
Investigation: Trace the malware origin and coordinate with partners.
Updates: Provide regular status updates to the publisher.
Resolution: Implement fixes and communicate the outcome.
Prevention: Apply lessons learned to prevent future incidents.
1. Reporting and Escalation
When the publisher identifies a malware incident (e.g., malicious redirects, auto-downloads, or pop-ups), they should immediately contact our support team:
Urgent Issues - Dedicated Emergency Contact
Phone number and email of your dedicated account manager are provided for urgent issues.
Low Priority Issues - General Support
Email support at [email protected]
or
Log a ticket at https://support.squareoffs.com
Information to Provide
Publishers are asked to include:
Screenshots or screen recordings of the malicious behavior.
URLs or links leading to the malware.
The page or ad placement where the issue occurred.
Browser, device, and operating system details.
Ad creatives or SSP/exchange involved, if identifiable.
2. Triage and Initial Response
Once the issue is reported, our ad operations team begins the following triage steps to assess the scope and severity of the incident:
Assign Priority Level:
Critical: Malware actively affecting user experience or causing reputational harm.
Moderate: Issue detected but contained, affecting a limited audience.
Low: Non-urgent or isolated cases.
Containment:
Immediately disable or pause the affected ad placements, campaigns, or demand sources.
In the case of programmatic ads, block the offending advertiser or SSP until further investigation.
Notification:
Our ad ops team will inform the publisher that containment steps are in progress and provide an estimated timeline for resolution.
Response Time During Regular Business Hours:
Initial Acknowledgment: Within 15β30 minutes for critical incidents.
Containment Actions: Within 1β2 hours after acknowledgment, depending on the complexity.
Resolution: Full resolution within 24β48 hours for severe cases, depending on complexity.
(24/7 support available upon request. Contact us for details.)
3. Investigation and Root Cause Analysis
The ad operations team will investigate further to identify the source of the malware and prevent recurrence using the following steps:
Analyze Logs and Data:
Review impression logs, click-through data, and creative IDs to trace the source.
Look for patterns across exchanges or specific SSPs.
Engage Third-Party Tools:
Use detection solutions to identify malicious creatives or demand sources.
Coordinate with Demand Partners:
Notify related SSPs, DSPs, and exchanges of the incident, providing them with specific evidence and creative IDs for investigation on their end.
Review Ad Creatives:
If the malware originates from a specific creative, the ad ops team will ensure that it is removed from all placements.
4. Communication and Updates
Throughout the process, our ad operations team will provide regular updates to the publisher, including:
Confirmation: Confirmation of receipt and initial triage actions within 30 minutes.
Interim Updates: Status updates every 1β2 hours for critical incidents.
Resolution Notice: A final report detailing the actions taken, the root cause, and any long-term remediation steps, including:
Timeline of the incident.
Root cause analysis.
Actions taken for containment and resolution.
Recommendations for future prevention.
5. Resolution and Post-Incident Actions
After resolving the issue, our ad operations team will implement remediation steps to further prevent future incidents, including:
Blacklist Malicious Sources: Add the offending advertiser, SSP, or demand source to a blacklist.
Update Security Protocols: Further refine rules and filters for ad creatives, if applicable.
Educate Stakeholders: Share insights with the publisher and other partners to prevent recurrence.
6. Long-Term Prevention
Our ad ops team, in conjunction with the publisher, may recommend or implement the following:
Real-Time Malware Scanning: Using advanced tools to scan and block malicious creatives before serving.
Ad Review Policies: Stricter review processes for creatives and demand partners.
While we hope to never use this process and have rarely seen advertising malware occurrences, this workflow will ensure a swift response while keeping you, the publisher, informed and protected.