In last month’s column (www.CPATechAdvisor.com/go/1761), I discussed web advertising, its four basic components and how it works. As you may recall, the four most common types of web advertising include the following:
- Click-Through Advertising
- Direct Advertising
- Internally Developed HTML Formatted Unsolicited Commercial Email
I also defined each of the forms of advertising and discussed how each is distributed. This month, we are going to turn our attention to how malicious web scripting can be embedded in web advertising in order to infect a person’s computer with a Trojan software program that enables an attacker to steal information or control the computer.
Things You Can Do To Prevent Infection
As you gear up for tax season, consider spending a few minutes talking about
these threats and ways for your accountants to avoid becoming victims. Several
things can be done to prevent infection. In my September column, I listed several
ways to prevent JavaScript attacks, which are also very applicable to web advertising
attacks. These preventive measures and some new ones include the following:
- Institute an Internet Policy in your firm that bans the use of non-work-related sites.
- Educate employees on the potential problems that might occur from visiting non-work-related websites such as YouTube using work computers.
- Make sure you use Internet site security controls and other content control mechanisms at the Group Policy level in your network domain to prevent users from easily modifying the settings on their own machines (your network consultant may need to help you with setting this up in your environment).
- Keep your computers updated on a regular basis, and make sure all security vulnerabilities are patched immediately.
- Be vigilant for new threats that emerge over time and keep your antivirus/antispyware products updated.
- Use a managed service content filter provider who screens both e-mail (to remove unsolicited commercial e-mail) and website content (for malicious code). MX Logic is one company that offers this combined type of service. Many providers in this space offer either unsolicited commercial e-mail filtering or web content scanning, but not both. When considering a service, make sure they can do both, as it helps to eliminate the threats in your environment.
- Use a firewall that also offers intrusion protection scanning and monitoring. The Cisco ASA 5510 and higher models offer an intrusion prevention module. SonicWall also offers an intrusion detection and prevention module on its devices. These devices scan the content coming in from the Internet and block content that is not appropriate.
Why This is Important to Practicing Accountants
Before I get into how web advertising can infect your computer and what to do
about it, let’s take a look at why web advertising and JavaScript hacking
are important to you as a practicing accountant. Why do you need to worry about
these problems when they have nothing to do with preparing tax returns or performing
an attest service? And if it’s not something that’s going to help
your practice, why would you bother learning about it? The fact is, there are
some very good reasons why this issue matters to you as a practicing
accountant:
- You need to protect your clients’ financial information.
- You need to prevent your computer systems from being compromised by viruses and malware. A compromised computer can be used to send spam, attack other computers, participate in denial of service attacks, host illegal copies of software or, worse, be used by child pornographers to distribute their illicit materials.
- Infected computers perform poorly, crash frequently and sap the productivity of the user trying to work on a trial balance or tax return.
- JavaScript and web advertising attacks on a computer bypass all the current safeguards you have put in place in your firm such as firewalls, spam filters and spyware catchers.
This is important to you as a practicing accountant because of the problems it causes and because of the potential for embarrassing disclosures of information. An infected computer can cause a large amount of damage to your firm in terms of image and lost productivity. An infected computer that allows a hacker to steal your entire set of client financial information might be a serious problem. Now that we know what we are faced with as practicing accountants, let’s take a quick look at how this advertising works and then get into figuring out how to fight against this threat.
How Click-Through Advertising Works
Before I explain how the content is delivered, let’s take a look at some
terms with which you need to be familiar:
Copyright 2008 Cygnus Business Media