Experiment proves that people want to infect their own systems

Tech News

By Steve Ragan May 17, 2007, 15:05 GMT

Social experiments are common. In the security world, many experiments are aimed at a person’s reaction to security risks. One of the leading online risks is the exposure to Malware and identity theft. Didier Stevens recorded the results of his experiment in which he told people by clicking a link, that their computer would be infected. The results were as to be expected, several hundred people clicked the link.For the cost of twenty-three dollars, a simple advertisement was placed on Google. The reason for the experiment was that Didier was curious to see how many people would click on the ad. There were almost two hundred sixty thousand views for the ad, and out of that count, over four hundred people clicked the link. The ad when displayed read, “Drive-By-Download Is your PC virus-free? Get it infected here!”The number of times the ad was clicked shows that hiding malicious links inside legitimate looking advertising does indeed work. In this case, it was only a test and if you read the ad closely, it would appear to be either a typo or a joke. In a recent study by Google, one in ten websites are carrying malicious code. Monsters and Critics reported on the study, and the exact nature of the experimental ad was listed.“In terms of returned numbers of note, the study showed that some four hundred fifty thousand of those tested sites were shown to include “drive-by downloads” designed to automatically implement unwanted additions into a visitor’s system, installing malicious code – including the likes of spyware – while the unfortunate user remained blissfully ignorant to the stealth attack.” – M&C Report Google: 1 in 10 Web pages carry malicious codeDidier explained how he started this experiment. The first step was to buy the domain, drive-by-download.info, then set up a web server to display a simple thank you page with a counter. Lastly, the Google Adwords campaign ran for six months.Lenny Zeltser of Gemini Systems said of the experiment, “Perhaps there is no need for attackers to create advanced redirection chains or elaborate deception schemes. As Didier Stevens' experiment confirmed, people will click on anything.” Scary thought, but he may be right.“I designed my ad to make it suspect, but even then it was accepted by Google without problem and I got no complaints to date, and many users clicked on it. Now you may think that they were all stupid Windows users, but there is no way to know what motivated them to click on my ad. I did not submit them to an IQ-test,” Stevens said.

Your Talkback on this Story

Note posts made on our older Talkback system will still show below. However, new posts can only be made via the new system (above). We will export the old comments to the new shortly. You can still comment as a guest on the new system but it also allows you to login using various social network and other accounts.

Other features coming soon.

Talkback

page: 1

ChrisMay 18th, 2007 - 00:50:37

The clicks were probably from other secutrity firms checking out the site.

Report this comment

colalaMay 18th, 2007 - 06:36:52

Lastly, the Google Adwords campaign ran for six months.

Free Software Download

www.populardownload.net

Report this comment

darkmatterMay 18th, 2007 - 10:54:34

We have a lot of users on our company network who never read the question or understand the consequences of selecting yes when prompted to allow software and plugin's to be installed on their laptops or allowing software to access the internet through their personal firewalls.

I suspected that if they were prompted 'do you want to install this key logger so we can read your bank account password and withdraw funds' that they would click yes. Now I know the answer.

Report this comment

page: 1

Tech

Experiment proves that people want to infect their own systems

Tech News

Your Talkback on this Story

Talkback

Latest Headlines in Tech

From Sites We Like

Latest PopEater News

Latest Cinema Blend News

Latest Tech Herald News

In Monsters and Critics

Corporate

The Fine Print