« AMD takes one more jab at Itanium | Main | Windows Home Server enables digital spanking »
Don't click here – you know you want to
Spam and Trojan emails work because people will click on links and attachments. People are gullible. Call it plain stupid.
Didier Stevens decided to explore the limits o
f stupidity. He created a website on the drive-by-download.info domain and set up an account on Google Adwords, buying himself some advertising around the words "drive by download". The text of the ad stated: "Is your PC virus-free? Get it infected here!"
Surely people wouldn't walk into a dark alley if it had a large sign hanging over the entrance warning that it is inhabited by man eating rats and bats? Neither would they click on a link that tells them that they will get hacked?
You guessed it. Over a period of 6 months, 409 people clicked on the ad.
Luckily, Didier Stevens never hosted any malware on the website. But there are plenty of known ways to do so. We can't rely on people to patch their computers, we can't rely on people to not click on email attachments. We can't even rely on them to stay away from items that listed as being dangerous. The time to require an internet driving license has clearly come.
(By the way, Google claims that all ads are scanned and verified to prevent this from happening. If this one can slip through the cracks, how many more go unnoticed?)
Via: Roger Thompson
Spanish
Post a comment