Web Ads: A New Virus Delivery Method — Part I
Column: The eSecurity Advisor
From the Oct. 2007 Issue
In last month’s column, I took a look at JavaScript and how it is being used to infect computers and steal information (www.CPATechAdvisor.com/go/1663). In a two-part column starting this month, we are going to examine another process that is also allowing hackers and hucksters to infect computers and steal information. This particular process uses web advertising content delivery to infect unprotected computers. As if we didn’t have enough to worry about in running our accounting practices, now we have to worry about visiting even legitimate websites and our computers becoming infected with malware.
How Web Advertising Works
Web advertising works by the host site putting in HTML code (the markup language used for displaying web pages) that displays the advertising on the website (usually inline or on the left/right of the page). When a user clicks on this content, they are taken to a new website, which is generally not the same site they were viewing. Many different models have become available for making money from web advertising. The most common types of web advertising include the following:
- Click-Through Advertising
- Direct Advertising
- Internally developed
- HTML Formatted Unsolicited Commercial Email
Defining The Types of Web Advertising
We won’t concern ourselves with two of these methods for purposes of virus delivery — direct advertising and internally developed. However, just so we have a definition of each, let’s quickly define them.
- Internally developed advertising is content developed internally by a company for use on its own website to promote other parts of the company. Since most of this content is developed in-house, its threat to your computer is minimal if you are visiting legitimate sites. Phishing sites, which are specifically designed to entrap a user, would be the exception.
- Direct advertising is the sale of advertising space by content companies, solicited directly by the company itself. Microsoft, Yahoo!, Google, and Amazon, for example, all solicit advertising content either directly or through subsidiaries. Since these companies control the content on their sites and work directly with the advertiser providing it, this type of content generally is not going to be an infection source. It should be noted that some big companies obtain web advertising through various methods, including some of the higher-risk ones. Just because you are on a trusted company’s website does not mean you can let your guard down. Direct advertising is difficult to differentiate from the other sources of advertising because the delivery method is very similar.