Web Ads: A New Virus Delivery Method — Part I

Article Tools

• October 2007 Issue
• Post a Comment
• Print This Article
• Email This Article to a Friend
• Save This Article
• Order a Reprint

From the Oct. 2007 Issue

In last month’s column, I took a look at JavaScript and how it is being used to infect computers and steal information (www.CPA
TechAdvisor.com/go/1663). In a two-part column starting this month, we are going to examine another process that is also allowing hackers and hucksters to infect computers and steal information. This particular process uses web advertising content delivery to infect unprotected computers. As if we didn’t have enough to worry about in running
our accounting practices, now we have to worry about visiting even legitimate websites and our computers becoming infected with malware.

How Web Advertising Works
Web advertising works by the host site putting in HTML code (the programming language used for displaying web pages) that displays the advertising on the website (usually in line or on the left/right of the page). When a user clicks on this content, they are taken to a new website, which is generally not the same site they were viewing. In order to make money in web advertising, there are many different models that have become available. The most common types of web advertising include the following:

• Click-Through Advertising
• Direct Advertising
• Internally developed
• HTML Formatted Unsolicited Commercial Email

Defining The Types of Web Advertising
We won’t concern ourselves with two of these methods for purposes of virus delivery — direct advertising and internally developed. However, just so we have a definition of each, let’s quickly define them.

• Internally developed advertising is content developed internally by a company for use on its own website to promote other parts of the company. Since most of this content is developed in-house, its threat to your computer is minimal if you are visiting legitimate sites. Phishing sites, which are specifically designed to entrap a user, would be the exception.

• Direct advertising is the sale of advertising space by content companies, which is directly solicited by the company. Microsoft, Yahoo!, Google, and Amazon all solicit either directly or through subsidiaries for advertising content, which is an example of this type of advertising. Since these companies control the content on their site directly and work directly with the advertiser providing the content, this type of content generally is not going to be an infection source. It should be noted that some big companies use various methods of obtaining web advertising including some of the higher-risk methods. Just because you are on a trusted company’s website, does not mean you can let your guard down. Direct advertising is difficult to differentiate from the other sources of advertising because the delivery method is very similar.

• Click-through advertising is the most common and oldest form of legitimate advertising on the Internet. As with most of the significant advances on the Internet, the pornography industry was heavily involved in the early years with the development of this advertising delivery system. They needed a way to get their sites advertised, and traditional means of advertising were generally unavailable to them. The pornography industry needed a way to pay for the advertising so they developed third-party companies to handle the content delivery and payments. These related companies and others seeing an opportunity eventually branched out into delivering other types of advertising besides pornography. Click-through advertising is integrated into a company’s website after the company signs up with a provider to deliver advertising content. The company signing up with the advertiser then positions special HTML coding into its company website to display the advertising either on a static basis (the same advertising over and over for each viewer) or dynamic basis (the content changes each time the page is viewed or refreshed). When a viewer of the site clicks on the advertising content, they are taken to the advertiser’s website, and the provider (the person who allowed the advertising on their website) gets paid some money when one of two things happens — the person either buys something from the advertiser’s website or the advertising campaign simply pays a few pennies per click to the provider for providing that advertising content to the viewer. It is very important to remember that the advertising content is provided from a different website than the company’s own website. This fact will be very important as we discuss how to prevent this advertising content from infecting your computer.

Early Click-Through Fraud
When click-through advertising was first developed, hucksters and hackers quickly figured out a new means of making money. Early hackers figured out that if they wrote some simple code to open a link to a click-through site that they posted on a website they controlled, they could make a large amount of money by using those automated tools to click on the link hundreds or thousands of times. Because a computer can perform a task much faster than a human can, it could create hundreds or thousands of clicks per day. At even a penny or two per click, a few 100,000 clicks can add up to big money in a hurry, especially if done over a period of a few days or weeks. Companies quickly caught on to this and started using tracking cookies to ensure that purchases were made before payments would be received or to determine if the user had already visited the sites.