Sunday, 13 May 2007

The Rise of Malware - What Impact on PPC?

Google's recent report on malware - interestingly titled "The Ghost in the Browser" (I feel a movie script coming on....) - revealed that one in ten pages on the internet is capable of downloading malicious code onto user's PCs without their knowledge. This news, which follows fast on the heels of the recent Times Online reports on "Adwords hackers", has real implications - not only for the general internet-using public, but also those who make a living from advertising online.

PPC as a medium has always, among certain quarters, had an unfavourable reputation. In its early days, unfair association with such irritants as pop-ups, pop-unders and flashing banners meant many advertisers stayed away from paid search advertising, instead going for an SEO-only approach to being found online. During the dot com boom, when PPC really flourished, it was dogged by massive click fraud problems. Indeed, many will argue that the problem of click fraud remains major even today. The manner with which PPC providers - and search engines in general - came and went in the early days didn't exactly inspire confidence either (only really stayed the course in the early years....later becoming Overture, then Yahoo Search Marketing).

More recently, Google themselves have had their reputation tarnished by the revelation that their own PPC system - Google Adwords - had been hi-jacked by hackers intent on spreading malicious code. Ads associated with around 20 search terms had to be removed from the sponsored listings, where the destination website (disguised by a fraudulent display url, impersonating a legitimate business) attempted to install password-stealing software onto the user's PC (the software is known as 'key-logger', which records user keystrokes, and is ironically employed by many anti-criminal organisation such as the FBI and MI5).

The issue of whether or not advertisers should be allowed to use a display url vastly different to their own domain name is another issue, too large to be discussed in this post. However, the more general problem of an individual using PPC to carry out criminal activity cannot be ignored. At the end of the day it comes down to the providers - those making the money - to do something about the problem. More stringent review of new advertisers could be one way to do this, although the flip argument to this is that this will increase submission times for adverts and therefore annoy legitimate businesses looking to get PPC up and running. Perhaps making it easier, and quicker, for users to point out illegitimate ads to the engines would help (perhaps a beefed-up version of Google's blog spam reporting system might work well). A stronger partnership between anti-virus providers and search engines might also help - perhaps if there existed some kind of system that quickly scanned the destination site of a sponsored listings, before the user went there, situations like the one described above could be avoided.

Whatever the solution, one thing is certain - PPC providers must step up to the plate in the fight against malware, much like they have done recently with click fraud. Providers like Google have made great strides in eradicating click fraud; their click fraud report, released earlier this year, showed that fraudulent clicks accounted for less 10% of total clicks (most of these are filtered out by Google's systems, so will not be paid for by the advertiser). Yahoo made a similar announcement, stating just 12-15% of their clicks are invalid, shortly after; they then went one step further and appointed a VP of Marketplace Quality.

Providers need to show the same levels of conscientiousness with PPC malware, as they have with click fraud - not only to maintain quality SERPs, but also ensure the long-term future of PPC as an effective, ROI-driven advertising medium for businesses.

No comments: