
May 16, 2007

People Will Click On Anything

Didier Stevens documented an interesting experiment, in which he purchased a Google ad that encouraged people to click on the ad to be infected. (Thanks for the pointer, Johannes!) Didier was curious to see how many people would actually click. More than you might think. It turns out, the "ad was displayed 259,723 times and clicked on 409 times. That’s a click-through-rate of 0.16%." Not bad at all, considering that the campaign cost around $23.

The ad said:

Drive-By Download
Is your PC virus-free?
Get it infected here

Enticing potential victims via ads to visit a site that turns out to be malicious is a popular attack vector. Exploit Prevention Labs documented one such example a few weeks ago, where a Google ad that seemed to advertise the Better Business Bureau took the victim to a malicious site before forwarding him or her to the actual BBB website. The malicious site used "a modified MDAC exploit to try to install a backdoor" and a keylogger on the victim's system.

Another example comes from Google's research paper that describes a malicious ad found on a video sharing site in December 2006. The page included a banner ad from a "large American advertising company. The advertisement was delivered in form of a single line of JavaScript that generated JavaScript to be fetched from another large American advertising company. This JavaScript in turn generated more JavaScript pointing to a smaller American advertising company..." The ad "resulted in a single line of HTML containing an iframe pointing to a Russian advertising company. When trying to retrieve the iframe, the browser got redirected, via a Location header" that directed the browser to retrieve malicious JavaScript.
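A chain like the one quoted above can be reconstructed from captured responses to see how far the final content sits from anything the publisher reviewed. The Python sketch below is an added example, not code from Google's paper or from this post; the `.example` hosts, URLs and response bodies are constructed placeholders, and the tracer follows only the first script or iframe reference in each response.

```python
import re
from urllib.parse import urljoin, urlparse

TAG_RE = re.compile(r"<(script|iframe)\b[^>]*\bsrc=['\"]([^'\"]+)['\"]", re.I)

def js_write(tag, url):
    """JavaScript source that writes one <script>/<iframe> tag into the page."""
    return "document.write(\"<%s src='%s'></%s>\");" % (tag, url, tag)

# Constructed responses (placeholder .example hosts): URL -> (status, headers, body)
RESPONSES = {
    "http://video.example/watch": (200, {}, "<script src='http://ads-a.example/banner.js'></script>"),
    "http://ads-a.example/banner.js": (200, {}, js_write("script", "http://ads-b.example/serve.js")),
    "http://ads-b.example/serve.js": (200, {}, js_write("script", "http://ads-c.example/slot.js")),
    "http://ads-c.example/slot.js": (200, {}, js_write("iframe", "http://ads-d.example/frame")),
    "http://ads-d.example/frame": (302, {"Location": "http://payload.example/x.js"}, ""),
    "http://payload.example/x.js": (200, {}, "/* stand-in for the final script */"),
}

def trace(url, responses, max_hops=10):
    """Follow src references and Location redirects; return [(how, url), ...]."""
    chain, seen = [("start", url)], {url}
    while len(chain) <= max_hops:
        status, headers, body = responses.get(url, (None, {}, ""))
        if status in (301, 302, 303, 307) and "Location" in headers:
            how, nxt = "location", urljoin(url, headers["Location"])
        else:
            match = TAG_RE.search(body)
            if not match:
                break  # nothing further is loaded from this response
            how, nxt = match.group(1).lower(), urljoin(url, match.group(2))
        if nxt in seen:
            break  # guard against redirect loops
        seen.add(nxt)
        chain.append((how, nxt))
        url = nxt
    return chain

def unvetted_hops(chain, vetted_hosts):
    """Hops served from hosts the publisher never reviewed, with chain depth."""
    return [(depth, how, u) for depth, (how, u) in enumerate(chain)
            if urlparse(u).hostname not in vetted_hosts]

if __name__ == "__main__":
    chain = trace("http://video.example/watch", RESPONSES)
    for depth, how, u in unvetted_hops(chain, {"video.example", "ads-a.example"}):
        print(f"depth {depth}: reached via {how}: {u}")
```

With only the publisher and its direct ad partner treated as vetted, every hop from depth 2 onward is flagged, including the final script reached through the Location redirect.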

Perhaps there is no need for attackers to create advanced redirection chains or elaborate deception schemes. As Didier Stevens' experiment confirmed, people will click on anything.

http://isc.sans.org/diary.html?storyid=2811&rss

Posted by Uzi Baron on May 16, 2007 at 1:55 PM

Comments

Do you really expect us to click on the link that says "Continue reading 'People Will Click On Anything'"?

Posted by: anonymous coward on May 17, 2007 at 6:09 PM

Good point!!! ;-)

Posted by: Uzi on May 17, 2007 at 8:54 PM

Those were probably just spider-bots.

Posted by: Brian on June 24, 2008 at 4:45 PM
