Do You Want to Infect Your PC?
“Is your PC virus-free? Get it infected here!”
An actual Google Adwords campaign.
EDITED TO ADD (5/19): Slashdot thread.
as expected • May 14, 2007 7:34 AM
In the 1990s I posted an X11 pop-up on someone’s screen at work (my smartest user in fact) with a red warning triangle saying “Self-destruct now? Yes/No”.
He clicked Yes, but afterward could not explain why.
Lisa • May 14, 2007 8:05 AM
I wonder how many of the 409 clickers were running Linux, or clicked it on a test machine (rather than just assume that all of the clickers were “stupid Windows users”). Too bad traffic analysis can’t track that well.
I think the biggest question for me coming out of this whole thing is, why didn’t Google red-flag this ad as suspicious?
bob • May 14, 2007 8:07 AM
This has been done before computers were even around: “Wet Paint”
Jay74 • May 14, 2007 8:14 AM
It’s what I call a “DAS error” (Dumb *** Stupid). It is, always has been, and always will be a scourge on mankind. It wasn’t created by computer technology, but technology has made DAS more useful and problematic.
anon1 • May 14, 2007 8:29 AM
@Lisa:
I wonder how many of the 409 clickers were running Linux
RTFA. It’s quite unlikely people looking at the site to see what kind of scam it is would bother to fake User-Agent before doing it, I’d say…
Nicholas Weaver • May 14, 2007 9:02 AM
Lisa: why didn’t Google red flag it? Simple, Google’s entire business model is automation: Do something for you, take your money, without EVER involving a human.
This includes their advertising sales.
merkelcellcancer • May 14, 2007 9:13 AM
This is the big red button effect. Do Not Press. How many men can pass by without wanting to press the button?
FooDooHackedYou • May 14, 2007 10:01 AM
My honeypots love viruses 🙂
Speaking of red buttons, I wonder how many people clicked this one?
http://totl.net/HonourSystem/
D. SKye • May 14, 2007 12:14 PM
Dangit Jo! That is just MEAN, I looked at the source code of the page, and it honestly looks harmless, which makes me really wanna push it! –But I didn’t, I’m not a malicious person, but maybe that is the point of the button, to find out who is, then block them from the site or something 🙂 too tempting… Oh well. It won’t be pushed by me, even if it is completely harmless.
X the Unknown • May 14, 2007 12:47 PM
The sad thing is that the “Redneck Virus” (AKA “Honor System Virus”) actually worked in several ways:
Apparently, some people actually did erase their files (http://vmyths.com/hmul/4/2/)
Less than a year later the SULFNBK “Virus” came around (http://www.sarc.com/avcenter/venc/data/sulfnbk.exe.warning.html)
DontClickHere • May 14, 2007 12:51 PM
@D Skye:
The totl site doesn’t work for me anymore. Did you actually push the button?
X the Unknown • May 14, 2007 2:21 PM
I didn’t push the button, but I did paste in the address that pushing the button takes you to:
http://totl.net/HonourSystem/?doit=2
Does a pretty good job of imitating an erased site. I didn’t check how the original site gets masked off, thereafter, but I’m guessing a Session-Cookie gets set by the second site, and the server simply doesn’t display the original site anymore.
A new browser-session on a new Virtual Machine finds the original site just fine. Rather nice, all-in-all.
Thanks, Jo!
DontClickHere • May 14, 2007 3:04 PM
@X:
Yeah, it’s a cookie. If you search your cookie jar, you’ll find a couple of cookies from totl….
David Magda • May 14, 2007 3:50 PM
Recently I had a friend ask me if he knew of a quick way to get an e-mail address ON TO spammers’ lists.
He wanted to do load testing on a test machine in a temporary domain before putting the system into production. Of course since no one used the domain it got no traffic. 🙂
Anonymous • May 14, 2007 5:53 PM
Look at link.
Look at Linux PC.
Figure ‘This’ll be interesting’.
Click link.
Tom • May 14, 2007 6:21 PM
I don’t think this would be a very viable method of disseminating malware:
1) Malicious people generally don’t like paying for things. There are cheaper/free ways of accomplishing the same thing.
2) Using Adwords would make it incredibly easy to trace the malware back to the source. You’d have to be incredibly stupid to actually do this (unless you used stolen credit cards etc)
3) If your site actually contained something malicious, how long do you think Google would tolerate it? I’d bet that after the first complaint they would remove your account.
Didier Stevens • May 15, 2007 1:35 AM
Look at link.
Look at Linux PC.
Figure ‘This’ll be interesting’.
Click link.
Actually, that would be:
Look at link.
Look at Linux PC.
Figure ‘This’ll be interesting’.
Change User Agent string
Click link.
guvn'r • May 16, 2007 2:33 PM
@David Magda, Craigslist.
Post there and you’ll get a few spams, respond to postings and you’ll get more. Do both and your traffic will reward you…
Clive Robinson • May 14, 2007 7:18 AM
Bruce,
I had to think twice then check before clicking on your link 8)