Click Here To Infect Your PC!

Email me for FREE viruses writes "Just how many people would click an ad saying "Is your PC virus-free? Get it infected here!"? According to the security researcher who ran that very ad on Google for 6 months, 0.16% (409 of 259,723) would click on it. 98% of those people were running Windows. The Google Adwords campaign cost $23 in total, which works out to $0.06 per infection had the site actually been malicious."

0,16%

[JanneM]

At a click rate of 0,16% - about one in 600 - I have to wonder if not a fairly large portion is simple click errors. You intend to click on some other link nearby on the page but by mistake click that one instead. There's several kind of interaction slips just like that that we do in other circumstances after all.

Hmmm

[gordgekko]

It's news that at least 0.16% of people are idiots? Actually I'm shocked the number was this low. This is actually good news.

Not exactly.

[SolitaryMan]

The Google Adwords campaign cost $23 in total, which works out to $0.06 per infection had the site actually been malicious."

Not exactly.

$0.06 per infection attempt, which is obviously not the same thing.

Re:0,16% Mac/Linux users

[nyctopterus]

And of that tiny percentage how many were Windows users taking the fairly safe bet that the ad didn't do what it said?

Doesn't really mean much

[gazbo]

Hell, if I saw that link I'd click on it for sure. Well, I might drop to Cygwin and use lynx "just in case", but there's no way I'd not investigate such a link.

Why does it matter what OS they were using?

[Torodung]

I once explained that browser security is almost entirely determined by the user. This proves it. I wouldn't trust that 0.16% with a pocket calculator, let alone a computer!

You can't write code or design software that will secure "stupid." Firefox and Linux are certainly easier to secure, and they have a better security model, but they aren't idiot proof.

If those folks were using an abacus, they'd probably get their head stuck in it! <G>

--
Toro

Idiots ?

[Anonymous Coward]

Maybe people clicking this link are not so dumb.

I would say that people clicking "Click here to check if your PC is virus-free !" are more stupid.
Personally, I wouldn't have clicked the "get infected", but I understand curious people who would because they are confident in their protection and this is kind of joke. When I see "Get your PC infected !", I think "no way, nobody can want this, must be a joke or something".

Of course, being confident in one's protection and using Windows IS stupid...

Re:statistics

[richlv]

i was reading that more as "no, that was not linux users clicking the link for fun". i mean, i would click on such a link ;)

Re:Browser stats

[Torodung]

Pretty much reflects total market share almost 1:1. When 90% of the consumer market uses MS as their OS, is it terribly surprising that 85% of consumer *morons* use it?

--
Toro

Re:Hmmm

[julesh]

Consider that click through rates to a relevant ad are typically less than 3%. This represents 5% of people who would normally click on an advert.

Re:It's hardly a surprise

[Eivind]

The worst-case scenario are however very significantly different.

Worst-case for a virus-infected windows-machine ? Complete reinstallation. A day lost, hell make it "toss away $1000 machine".

Worst-case for std ? Death.

Not really comparable.

Re:Oh dear.

[nurb432]

Or how many people thought ' it cant happen to me, as im protected ', but were still curious what the page was about.

Re:0,16% Mac/Linux users

[Zonk (troll)]

Virus scanners create a false sense of security.

<user> I have Norton. My computer is now immune to all viruses.
(one week later)
<user> I have a virus, can you fix it?

I've seen people many times think that because they had Norton or McAfee, that they could do whatever they want without having to worry about getting a virus and act reckless. Open every attachment they get in email, downloading and running random .exes from "FREE!!!!!!!!!" sites, use Internet Explorer, etc.

Re:0,16%

[dour power]

Even those who deliberately clicked on the link could have easily read the text as, "Get it inspected here!" Not an excuse, but certainly understandable. How many /. article postings contain at least one sincere reply of the form, "Am I the only one who read that as...?"

Re:0,16% Mac/Linux users

[nyctopterus]

I wasn't talking about virus scanners, I was thinking more along the lines that it's very unlikely that the ad did what it said it would do, and much more likely it was study or a joke -- people would guess that before clicking it.

Re:It's hardly a surprise

[cornjones]

no, worst case is all of your data compromised, potentially financial/personal etc....

it is possible that this would be worse than death for some (unlikely, but possible)

Re:Browser stats

[NatasRevol]

Why should I have to work to protect my browser? Or my computer while just *going* to a web site.

There's such a huge jump in logic there that it just befuddles me that 'configuring properly' is required to use the internet.

No computer/browser is perfect, but it just makes basic sense to use a computer/browser that starts at a very secure state and allows you to open it up if you want/need. Rather than the other way around.

<bad car analogy> It's like having to put rear view mirrors on your car after you buy it. </bad car analogy>

Re:Attempted Infection == Infection

[ajs318]

Yes, but if you didn't know what it was or whether it was safe, you wouldn't click it in your browser, would you? You'd use netcat. For example, if the link goes to http://somesite.someisp.cc/some/long/filename.ext? query_string [someisp.cc] then you'd need to do

echo -e "GET /some/long/filename.ext?query_string HTTP/1.1\nHost: somesite.someisp.cc\n" | nc somesite.someisp.cc 80

which will dump the raw HTTP response onto STDOUT. And that's safe because you can't muck anything up by printing to the screen (well, you might get unlucky and have some weirdy escape code sequence turn off echo or redefine the entire character set or beep incessantly; but the whole beauty of xterm windows is that you can always close one forcibly if you have to).

And then, if and only if it looks safe, you can use wget http://somesite.someisp.cc/some/long/filename.ext [someisp.cc] to download it for investigation.

Bogus because it's flawed

[hexed_2050]

The tester did not take into account that his/her ad will also appear on 3rd party websites which the owner stands to make money from. There are many groups that take advantage of ads being displayed on their own 'ring of websites' and will generate fraud clicks no matter what the title/description of the ad displayed.

Example:

Joe runs a website. Joe decides he wants some income for his website and signs up for Google Adsense which displays contextual Google ads on his website. Google gives Joe a percentage of the revenue (30-40%?!-google doesn't tell exactly how much.) Joe decides to get some of his friends to click on his ads to boost his monthly revenue. Joe makes more money, and the ad gets more clicks. Advertisers have no idea that Joe is falsely generating clicks and will happily pay Google for the clicks, which in turn Google pays Joe his dividends as well.

Now if the tester turned off the ability to have his ads displayed on 3rd party websites, then the test would carry a bit more ground.

I'm not saying people aren't dumb enough to click on the ad, I'm just bringing up a valid point that exists in web advertising everywhere, especially Google (even they will tell you that their fraud systems will catch the persons 100% of the time - lol)

h

Automobile

[Anonymous Coward]

No, its more like buying an aftermarket parachute because the breaks are defective.

Re:Goatse!

[mstahl]

Anonymous cowards don't need karma, and first posts don't need high visibility. I see it more as a mod point that got wasted for no good reason than an opportunity to reward someone for posting goatse.