Malvertising is, according to Rubicon execs, putting about $600 million dollars of publisher revenue at risk every month. I take it that cost must include brand damage, loss of revenue due to drop in traffic (malware has led to a 10% drop traffic on leading sites) and of course the actual cost of of getting rid of the nasty malvertising code. Looking to tackle the problem head-on, Rubicon announced yesterday it was acquiring SiteScout for an undisclosed sum. SiteScout is a Seattle-based security firm specializing in malware detection and prevention. Why is it a big deal? There has been a spate of malware attacks on leading web properties and apps, including Gawker and NYT, over the last couple of months, causing a signifcant drop in traffic and a subsequent loss in ad revenue. It's becoming a significant issue for publishers who are struggling to deal with malicious code being served through ads on their sites. The acquisition allows Rubicon to build out a proprietery malware security offering through its Revv platform. I wonder what's next on the shopping list? Maybe an ad verification company?

Here's the press release in full:

LOS ANGELES – May 25, 2010 - the Rubicon Project, the digital advertising technology company, has acquired SiteScout, the malware security technology provider, to build upon the technology that drives the brand protection and security layer of its REVV for publishers™ platform. The acquisition is part of the Rubicon Project’s commitment to engineering comprehensive technology that ensures premium Web publishers a safe, efficient and profitable platform through which they can transact with all demand channels for their audience and ad inventory.

Recent malware attacks on popular sites and apps have reduced site traffic by as much as ten percent in a single month, and with that, a parallel reduction in revenue. Across the industry, this represents a net monthly risk of nearly $600 MM, as publishers across the Internet, from Twitter to Facebook to the New York Times, are falling victim to a massive influx and growing complexity of threats related to malware or “malvertising.” Since most malware is distributed through advertisements and content served through legitimate websites, it falls on publishers to protect their brand, revenue, and customers (consumers and advertisers) from these malicious attacks. Publishers who are not proactively protecting their sites create the risk of customers becoming infected through an attack initiated on their site, spend a lot of time and money trying to chase down problems when they occur, and create a bad reputation.

There is currently almost nothing – technology or otherwise – within legacy ad server products that protects publishers, their visitors or their advertisers from malware attacks. As detailed in the Rubicon Project’s manifesto, “Principles of a REVVolution, or the ad server is dead,” the company is committed to offering publishers technology that counteracts these risks, delivering efficient and safe to all sources of demand, and providing protection to consumers. This commitment drove the company’s decision to acquire SiteScout.

“We began to look for the right security partner to help address this growing issue for publishers in 2009, evaluating several solutions in this space to complement our industry-leading brand protection technology,” said Craig Roah, COO and Founder of the Rubicon Project. “In side-by-side tests, in a live production environment with real ad tags on premium websites, SiteScout was hands-down the most effective technology. In addition, the technology is easily integrated with our platform, and the SiteScout team is a perfect fit with our strong company culture. This acquisition will enable us to protect premium publishers with the most effective and highly scalable technology solution to address the very real, very dangerous and fast-growing problem of malvertising.”

“The threats are transient, the bad guys are smart. Solving the problem of malvertising requires serious technology engineered by security experts that runs in the background to protect websites 24 hours per day, 7 days a week,” said Rob Lipschutz, CEO of SiteScout and who is now tasked with leading the Rubicon Project’s Brand Protection offering. “We are excited to integrate our team’s combined 40 years of security experience and SiteScout’s proprietary technology with the Rubicon Project and its digital advertising technology platform, REVV, to ensure publishers have a complete technology solution that enables them to keep digital media free for consumers.”

There are unique risks to publishers, advertisers and consumers from malvertising attacks:

· Publisher risks include: Revenue loss, customer loss, damage or loss of advertiser relationships, negative publicity, damage to brand, lower product sales
· Consumer risks include: Virus-infected computers, compromised privacy, decreased willingness to spend online, financial info theft, identity theft
· Advertiser risks include: Legitimate ads ‘hijacked’ for ill-intended purposes, loss of brand reputation, damage to the very consumers they’re trying to target

The new comprehensive malware protection powered by SiteScout security is available exclusively to REVV for publishers customers as an extension of the Rubicon Project ad technology platform; the SiteScout malware reporting and other product tools are slated to be available within the REVV platform in the third quarter of 2010.

Lipschutz will be tasked with leading the security and brand protection team to continue building technology innovations for the REVV platform. In addition, the Rubicon Project will open a Seattle office in the Pioneer Square district directly across from Qwest Field. The company will take advantage of the rich engineering talent in Seattle, with plans to hire in the areas of engineering, product and security.