Slashdot Mirror
Click Here To Infect Your PC!
Email me for FREE viruses writes "Just how many people would click an ad saying "Is your PC virus-free? Get it infected here!"? According to the security researcher who ran that very ad on Google for 6 months, 0.16% (409 of 259,723) would click on it. 98% of those people were running Windows. The Google Adwords campaign cost $23 in total, which works out to $0.06 per infection had the site actually been malicious."
Goatse!
Everyone loves a good goatse.
Then went and clicked on the link in the article? :P
to tech professionals, that users need clue distributed by bat
Blah blah sig blah blah blah irony blah blah
The sad thing is that using something more enticing like "Free boobs this way" would send millions of clueless Joe Windowses your way... All ripe for the picking.
.: Max Romantschuk
At a click rate of 0,16% - about one in 600 - I have to wonder if not a fairly large portion is simple click errors. You intend to click on some other link nearby on the page but by mistake click that one instead. There's several kind of interaction slips just like that that we do in other circumstances after all.
Trust the Computer. The Computer is your friend.
It's news that at least 0.16% of people are idiots? Actually I'm shocked the number was this low. This is actually good news.
You want to know who isn't running Firefox 2.x? They spell it "definately" and "rediculous".
sorry, couldn't RTFA because the link text was kinda prohibiting.
the poster makes it sound as if the conclusion from the statistic is something like "oh my god, windows users are sooo dumb". but also quoting the percentage of all users using windows would reveal a prior probability of something in the 90s already. so, assuming that the "experiment" has an error greater 0, the deviation between the prior probability and 98% has almost no significance...
Not exactly.
$0.06 per infection attempt, which is obviously not the same thing.
May Peace Prevail On Earth
This just goes to show, not matter how much you warn people they're about to do something really dumb, the still will. How many people do you think read that advert, though "No, it can't possibly mean that..." and then clicked on it to see?
At first I thought the same thing, just random misclicks. But then it hit me, there are a large number of users on the internet that don't have the know-how to install a virus on a computer of someone they hate, like an uppity coworker.
Imagine a bussiness model that would allow anyone to simply 1-click and install a virus (not a feature, those are patentable). Revenue would be generated with advertisments downloaded by the trojan, that would popup at random times on the victims computer. In essence, the victim would have to pay for the service. Brilliant!
And of that tiny percentage how many were Windows users taking the fairly safe bet that the ad didn't do what it said?
The comments give the browser stats:
335 - some version of IE
52 - Some version of Firefox
5 - other
That gives Firefox a 15% share.
Tim.
God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
Hell, if I saw that link I'd click on it for sure. Well, I might drop to Cygwin and use lynx "just in case", but there's no way I'd not investigate such a link.
0.16%? I'd have guessed far more would click.
/. effect.
Next time call it "hot chicks with huge tits want to give you some love virus". I predict a
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I once explained that browser security is almost entirely determined by the user. This proves it. I wouldn't trust that 0.16% with a pocket calculator, let alone a computer!
You can't write code or design software that will secure "stupid." Firefox and Linux are certainly easier to secure, and they have a better security model, but they aren't idiot proof.
If those folks were using an abacus, they'd probably get their head stuck in it! <G>
--
Toro
I think it might very well be possible that many of those clicks are made from computers that are not owned by the user. Like maybe the school's computer or a friend's (who has wronged you) computer that the user (who has access, but not the know-how of how to infect)would want to harm. So I'd wager that quite a few of those clicks would not qualify as a completely idiotic act.
Maybe people clicking this link are not so dumb.
I would say that people clicking "Click here to check if your PC is virus-free !" are more stupid.
Personally, I wouldn't have clicked the "get infected", but I understand curious people who would because they are confident in their protection and this is kind of joke. When I see "Get your PC infected !", I think "no way, nobody can want this, must be a joke or something".
Of course, being confident in one's protection and using Windows IS stupid...
We need to go on a crusade to teach people how to surf porn safely, such as avoiding using a firewall on a microsoftie, but to make sure you have a hardened system first!
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
sometimes you just like to know that it is working.
I wonder if average users of AV software look at their "quarantined files" and do a rough calculation of how much each of them cost..
"Hmm, I paid $60 for AV software this year and I've had a grand total of 4 files quarantined.. that's $12.50 per file."
I guess not, as 99% of people probably have zero files quarantined, not counting the false positives (I know I do).
How we know is more important than what we know.
Given the demographic involved in this case, it's almost certainly the same thing. I think it shows up in Wikipedia as an example under "Inevitable" or "Foregone Conclusion."
Error:
It is possible that some folks were testing their antivirus/patch status when they clicked? How many of them were loading the web page for forensic analysis?
;^)
Security "white hats" do things like that you know. All those hits could be FBI agents for all we know.
--
Toro
From a browser perspective, 52 clicks were Firefox and 335 were IE (added up from TFA). So, 13% of those who clicked were using Firefox. From what I recall, 10-15% of all internet surfers use Firefox... I personally would have suspected a larger proportion of IE users.
Last time I ran a Google Adwords campaign, they'd drop your advert if you get less than a threshold clickthrough rate. I think it was 0.5%. It was certainly higher than 0.16%. So how did they do this? Have Google dropped that restriction?
for not RTFA'ing. Being a true /.er, here's my opinion anyway:
Microsoft sucks. Users are idiots.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
of course these clicks couldn't be from Spiders/Robots, a lot of rogue bots/spiders use the IE UserAgent so as to fool logs, they tend to click on every link (adverts and hidden spam trap links included) i know ive grepped my logs and see so-called IE "users" clicking on every single link and download on my site within 10sec, all the time (must be fast readers or a bot) look for MFC in the UA string too as this is a sign of the IE COM component which is what a lot of the bots/spiders use for their dodgy page slurping
so by the time you remove the bots from these stats you are probably left with 3 genuine clicks and a load of "LOL this advert cannot be serious, lets have a look" clicks
Would any aggressive cache pre-fetch engines follow links like this?
My good friend once joked that 95% of users would double click an icon named "ClickMe.EXE", without much thought at all.
the other 5 percent would right click and select open.
Free boobies for all!
Cute booby chicks for your delectation! aff
en.wikipedia.org
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
'I think it might very well be possible that many of those clicks are made from computers that are not owned by the user'
Without any evidence to the contrary your argument is entirely specious. How do we know they weren't space aliens.
was Re:Malicious intent (Score:5, excuses~1)
davecb5620@gmail.com
'It is possible that some folks were testing their antivirus/patch status when they clicked?'
On the other hand it is possible that 100% of Windows users are morons as against 2% for the rest. No one in his right mind would click on a malicious link to test their antivirus/patch status.
As a test, in your work place, set up a power socket with a sign over it that says 'Testing the ELCB system, please insert fingers in socket'. Lets see how many you get.
Re:This is only a test....
davecb5620@gmail.com
Was this story really submitted by Gates himself?
For those who seek perfection there can be no rest on this side of the grave.
How many people would click that stupid "Allow" Button if it said "Were gana fark up your PC....Allow?"
The greatest revenge in life is massive success.
Virus scanners create a false sense of security.
.exes from "FREE!!!!!!!!!" sites, use Internet Explorer, etc.
<user> I have Norton. My computer is now immune to all viruses.
(one week later)
<user> I have a virus, can you fix it?
I've seen people many times think that because they had Norton or McAfee, that they could do whatever they want without having to worry about getting a virus and act reckless. Open every attachment they get in email, downloading and running random
"The Federal Reserve is a fraudulent system."--Lew Rockwell
End The FED. -
Think twice before you wish that such people switch to Linux.
I'm not elitist. I just think that a smaller market share is the best market share.
409 of 259,000 people is a pretty small percentage. How many of those clicks were just accidents where people only read the first sentance? How many were just mac people trying to make windows people look bad?
boycott slashdot February 10th - 17th check out: altSlashdot.org
I'd just like to point out that all of you posting on this thread got here by clicking a link which says "Click Here To Infect Your PC!". Therefore, by the authors logic (and the logic of many of the posters themselves) you're all a bunch of morons. Congratulations!
I wasn't talking about virus scanners, I was thinking more along the lines that it's very unlikely that the ad did what it said it would do, and much more likely it was study or a joke -- people would guess that before clicking it.
$23 to come up with this figures, cheap!
He comes into work one day and you can tell by looking at him that he's pissed. He goes into the break room to get ready for the shift so I go back there and ask him what's wrong.
He says, "I'm need a new ****ing computer."
I ask why...
"because the one I have now is too slow. I can't use the web because I get hundreds of popups."
I tell him that's a pretty easy thing to fix and off to burn a CD and write up some directions for him.
He tells me that won't work... again, I ask why.
"Because I'm ****ing sick of Microsoft."
I tell him I totally understand that, but that his problem with the pop-ups is pretty easy to fix.
He says, "No, it's not. I click on all the Windows that ask me if I want to remove the viruses from my computer and they are always charging me $20-$40 per virus. I spent almost $400 last week!"
Another computer savvy employee had joined the conversation by this point and we both looked at each other in complete disbelief. The guy wasn't joking...
sig.
I'm disappointed.
The poster also makes it seem as if it's some huge surprise that 98% of users clicking the link are Windows users. I don't find it surprising at all given that Windows has an extremely large market saturation and Windows users are the only ones who are concerned about viruses and protecting themselves. There's only a few AV products for Linux, and Macs users don't have to worry about viruses at all anyway, so why would they bother?
What ads?
80 CC D8 AF AE D3 AB 54 B7 2E CE 67 C7
You are giving end users way to much credit.
Was the following statement an accidental troll? It's certainly bogus unless you replace "of people" with "of UNIX users".
If you mod me down, I shall become more powerful than you could possibly imagine.
It's just like telling children "don't touch that". It only makes it more alluring...
biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
According to Netcraft, 98% of anything is done by Win users. Whodathought that?
"click here for virus" sounds like a joke.
A better study would involve a warez site with an application designed to trigger false positives among AV scanners. I wonder if embedding a virus in a function that never gets called would set off a virus scanner.
The article didn't mention any actual vulnerability detection. The price per infection at least quadruples when you consider that the web site would have a very difficult time determining in what ways each client was vulnerable and then providing the proper payload. The quoted price per infection was for advertising only. Since AdWords uses the logevity of your web site to rank your ads on their results pages, you would need to host this on a paid-for web host/connection because a hacked account is very temporary.
One explanation is that those clicks are by security researchers, probably running a virtual machine to test the link.
Some state, I think Washington, was suggesting a law requiring any mountain climber to carry a GPS. Sounded fine to me, but a *real mountain climber pointed out that sometimes security & safety are bad.
The reasoning is like in your example: the GPS makes amateurs feel like they can try things they shouldn't. And AV programs make people open more attachments, click more ads, etc.
My turnips listen for the soft cry of your love
Why do people assume that the 409 persons who clicked that ad are stupid? If I had seen such an ad, I would have clicked it, because I know how not to get infected, and that it would have aroused my curiousity.
Maybe some of the 409 persons are clueless and dumb, maybe some clicked by error, and maybe some were curious and amused.
You just got troll'd!
Real men don't use virus scanners.
I actually just bought a toshiba laptop and the first thing to get ripped out was McAfee because it annoyed the living shit out of me.
I'm encouraged by the fact that only .2% clicked the link. I would have thought there were more curious risk takers and complete morons out there.
By default adwords places the ads also on the Google Network (the famous ads by Gooooogle). The website owner gets some revenue if users click on the link. Inscupulous webmasters pay people to visit sites and randomly click on ads.
Does anyone know how much Google refunds advertisers for "quality adjustment"? It is probably above the difference between 0.16% and the typical 2-3%.
The tester did not take into account that his/her ad will also appear on 3rd party websites which the owner stands to make money from. There are many groups that take advantage of ads being displayed on their own 'ring of websites' and will generate fraud clicks no matter what the title/description of the ad displayed.
Example:
Joe runs a website. Joe decides he wants some income for his website and signs up for Google Adsense which displays contextual Google ads on his website. Google gives Joe a percentage of the revenue (30-40%?!-google doesn't tell exactly how much.) Joe decides to get some of his friends to click on his ads to boost his monthly revenue. Joe makes more money, and the ad gets more clicks. Advertisers have no idea that Joe is falsely generating clicks and will happily pay Google for the clicks, which in turn Google pays Joe his dividends as well.
Now if the tester turned off the ability to have his ads displayed on 3rd party websites, then the test would carry a bit more ground.
I'm not saying people aren't dumb enough to click on the ad, I'm just bringing up a valid point that exists in web advertising everywhere, especially Google (even they will tell you that their fraud systems will catch the persons 100% of the time - lol)
h
Valkyrie is about to die! Wizard needs food -- badly!
No, its more like buying an aftermarket parachute because the breaks are defective.
I feel like this is an example of someone getting results then not being willing to think the situation through because he is so fond of the one explanation he has (ie that people are stupid).
Minti: What's that huge shuriken in your back?! Kin: It's the instrument of my victory.
409 / 259,723 ~ 0.001574% ...not 0.16%.
---
John Martinelli
RedLevel.org Security
10 FILL MUG WITH COFFEE
20 DRINK COFFEE
30 GOTO 10
The submitter "email me for FREE viruses" has an e-mail link to bgates@microsoft.com
You constantly struggle for self improvement - and it shows.
Hooray for bad Engrish on fortune cookies
Sorry you are wrong, the percentage calculation should be:
409 / 259,723 * 100 ~ 0.16%
By definition, 1/100 is 1%, 1/100 = 0.01 * 100 = 1
Just another "Cubible(sic) Joe" 2 17 3061
So 2% were running some superior OS? I am appalled that a single Linux or Mac user would fall for this. You would think that someone who bold enough to think outside Microsoft's box would read before they clicked. Well, maybe a Linux user clicked on it on purpose just to get a kick out of the fact that his/her system is immune to the virus they think they were exposing themselves to.
Its more than likely just the click fraud. Having worked on internet ad servers and reporting engines, its a pretty reasonable number for people deliberately trying to improve their CPC by cheating.
I know people are desperate to believe that some people are stupid, and masturbate at the thought of them, like, getting their computer all screwed up because they deserve it for being so dumb, but cheating is a far more logical, and real explaination.
"Old man yells at systemd"
First of all, the worst-case scenario for a computer virus infection is much, much worse than $1000. Image a scenario where spyware steals all your login details, sends out all kinds of emails in your name, charges your creditcard(s), exposes all your purchases and visits, wipes your hard drive, steals your Steam account ;) , etc.
Especially the loss of data can be devastating. Big companies probably have things pretty well secured and backed up, but for small businesses and institutions an infection can be very nasty (client information compromised, years of research lost, temporarily being unable to operate, etc.). And what about cases where all precious family photo's are lost?
And of course the ultimate worst-case scenario for an STD infection is death, but I think that a worst-case scenario in a computer virus situation is more common than death from an STD.
Firehed - Unfortunately, thanks to medical breakthroughs, common sense is not as common as it once was.
There have been exploits that don't require you to click on anything. Most of these involve javascript which I keep turned off.
(link to video) those Girls pledging to support abolishing women's suffrage
Tyranny isn't the worst enemy of a democracy. Cynicism is.
Performed for curiousity sake from a test system, re-imaged shortly thereafter.
I wonder how many of the IE hits are from ad-clicking bots pretending to be IE. I think those things do some amount of random ad poking, to hide their tracks.
If you mod me down, I shall become more powerful than you could possibly imagine.
What do you think the percentage would be if the ad had said "Is your Mac virus free?"? Again another incorrectly posed statistics question. How many MAC users think of their personal computer when confronted with the term PC? Even thought they are using a PC they commonly think of it as a MAC and PC's are those which use windows or Linux. Therefore, the any results broken down by linux/windows/mac users are already biased and meaningless before the question is asked. Now if we want to look at how the general surfing population can be directed by a flashing banner ad. Then they're onto something.
A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
..then I wouldn't just say "dumb user." I'd also say, "amazingly defective web browser." I never worry about the "consequences" of clicking links, except for what they might do to my mind (e.g. goatse).
The story here isn't that people clicked the link; the story is that it still apparently matters what people click. In other words, there are still some MSIE users out there.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Oh the late 90s, what memories
According to Netcraft, 98% of anything stupid is done by Win users. Whodathought that?
There, fixed it for you.
And for anyone who thinks this is a troll, RTFA - 98% of the lusers who clicked the link were running Windows. Bwahahahahaha!!!
98% of computer users run Windows...
That's what I meant by zero-day exploits. Recently there was a buffer-overflow exploit in jpeg rendering. These sort of things are always popping up, but they are fixed very quickly because they are very dangerous. But, as I said above, these are a danger regardless of what sites you visit.
For most users, yes that is among the worst, though not the worst.
Worse than reinstall: Having your private records emailed to others
Especially if your private records are government espionage records. Say your machine had a document you were preparing for your superiors detailing activities of some of your undercover intelligence operatives in foreign countries. Say the computer infection sent that information out. Worst case under this scenario: death of your agents, and death of your fellow citizens as they get slaughtered due to your government not knowing the details of an impending attack. Indeed, in this worse-case scenario the fatal STD is the minor incident since potentially thousands or even millions could be killed as a result of your machine getting sick.
What if your personal files were mailed out and the information in them led to the death of yourself or another? Say you had incriminating information that if others found out they may get violent over? What if that was emailed out.
I've seen this scenario on a less-than-fatal happen. I've seen people's Windows PCs get infected and their personal financial records emailed out to everyone in their address book.
What if your Windows Mobile device gets a virus on it locking your phone - preventing you from placing that call to 911? You or others (or both) could die from not having emergency medical arrive in time, if at all.
Most STDs are not fatal, even if untreated. Most Windows machine infections are not fatal, even if treated. But to say that they can not be is to not look at the potential or to consider the extent of which computers are integrated into our lives.
My Suburban burns less gasoline than your Prius.
But I'd love to see what he'd say to the 0.16% of Slashdot readers who email him to ask for their free virus... :-)
Maybe he'd send them coupons that give you a discount when buying Vista Ultimate?
I think this Didier Stevens (if that's his name, didn't follow the link myself) counts as a troll, whether he's claiming to do research or not. He can't explain or document WHY those 409 people followed the ad. His "research" doesn't prove that those 409 people are stupid and clueless, because he can't document WHY they clicked on his ad.
More likely than not, those were the *most* intelligent of the 260,000 people that saw it, and were completely stunned and disbelieving that anyone could place such an ad, and thus were compelled by curiosity to investigate the ad (no doubt with extreme caution).
I, frankly, would like to hear from some of those 409 people. Their story is probably much more interesting than reports of this troll's "research".
Why? It demonstrates how stupid somebody is to believe that .16% stupid people is something that is NEWS.
.16 isn't even on the radar.
.16% were probably SMART and CURIOUS people with a lot of security software installed on their Windows machines who clicked on the ad to see IF their system could be infected. For all we know, they were all running their browsers in a VM!
The number of stupid people is more like 98%.
In fact, those
Morons wrote the article.
Morons published it here.
'Nuff said.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Can someone please explain the relevance of the "98% of those people were running Windows" statement? This is an honest question and I just don't see the correlation between how many people are dumb enough to willingly click on an ad to infect there PC with a virus and what OS they are running.
Shut up brain or I'll stab you with a Q-Tip. - Homer Simpson
I have a Windows and Linux box. I'm pretty careful with browsing on the Windows box because of malware concerns. On the Linux box I just click anything... nothing to worry about.
Engineering is the art of compromise.
Oh, ok. So 99% of the 98% who clicked the ad ... clicked an ad that wasn't shown? I don't get it. Or are you suggesting something vague about the way Adblock Plus works?
Its Just Like those adds that promise me prizes and then when I click on them I never get anything. This offered me viruses and do I get any?
I clicked the link TWICE and still didn't get infected. :(
Wasn't that 100% of anything stupid?
Did you have a capcha guarding the site?
Are you really known they were the real people?
This brings back a memory.
One day, many years ago (around '94, maybe '95), I was browsing around for cheat codes for Rise of the Triad, and came across a link that said "If you're dumb, click here". I ignored it of course, but later my curiosity got the best of me. It lead to a site with a count down, saying when it reaches 0, your computer will crash, and to leave now. So I closed the window. But, I got curious again, and went back. I was on a Mac running system 7.something, and figured "Oh, it's probably targeted for Windows anyway". the countdown reached 0, and the little bomb prompt came up, forcing me to reboot. I never could find the site again after that, to figure out how it worked. Anyone ever come across it?
In any case, links like that can be irresistible, you want to see what happens. Especially if it's not your computer.
How many of those virus clickers were surfing the internet on computers they didn't own? Take a kid on a school computer, sees a virus, and goes "Okay! why not?".
I have to say that years ago I wrote a little vb app as a joke for april fools day that said that it was deleting windows froze up your pc and showed a fake bluescreen of death until the user did a ctrl+Q (it didn't tell you that though) and dropped it on the desktop of 5 ppl at work (at a place that I was doing IT)- the app was called "virus.worm.exe" all 5 of them tried to open the file when they saw it there and called me to fix their pc's. so I have to say that I am surprised so few clicked through the link.