Taking human stupidity to new extremes: Click here to infect your PC

Imagine yourself, on a dark, rainy day, browsing the Net and stumbling on a page that has an ad titled, “Click here to infect your PC”. Would you click on it? Of course not, right? But surprisingly, there are some people out there that will follow these kinds of links, and prove to the world they don’t have much of a brain.

If you think I’m wrong; that these kinds of situations do not exist, think again. Didier Stevens, a Belgian IT security professional, woke up one morning six months ago with the terrific idea of running an advertising campaign on a popular network, enticing people to infect their PC voluntarily.

His campaign cost him a total of $25, was displayed 259,723 times and received a total of 409 clicks. Yes—incredibly, 409 people clicked on the ad, in spite of a clearly displayed threat. When clicked, the link brought the victims to a simple, (very safe) Web page displaying these simple words: “Thank you for your visit!”. Naturally, Mr. Stevens made sure to log each visit properly so that he could compile statistics from them later.

Unsurprisingly, 98% of people that clicked on the ad ran Microsoft Windows. :)

For more details about the experiment, be sure to read Didier’s blog post on the subject.





Advertisement



23 Responses to Taking human stupidity to new extremes: Click here to infect your PC

  1. I'm pretty sure that in the 400 people or so that clicked on the ad, some of them must have been security professionals that were curious about what the ad would lead to :)

    That's probably where the 2% of the remaining OSs came from..

  2. I’m pretty sure that in the 400 people or so that clicked on the ad, some of them must have been security professionals that were curious about what the ad would lead to :)

    That’s probably where the 2% of the remaining OSs came from..

  3. No I'm sure more of them were complete idiots. My mom clicked "add and remove programs" and removed a bunch of stuff not knowing what she was doing. Then wondered why the Mine Sweeper link would open a dos box…

    She's learned from that since then but it does prove the "do not push" on the big red button syndrome actually exists in some people to choose to push it anyway.

  4. No I’m sure more of them were complete idiots. My mom clicked “add and remove programs” and removed a bunch of stuff not knowing what she was doing. Then wondered why the Mine Sweeper link would open a dos box…

    She’s learned from that since then but it does prove the “do not push” on the big red button syndrome actually exists in some people to choose to push it anyway.

  5. I'd click it just to see what it is since I'm using Linux and 99% sure it won't be aimed at my OS.

    "Push the big red 'do not press' button" syndrome is often part of the hacker personality. "But I wanna see what happens!!!" "Oh, what's this do?" "How's that work?" *press* "oh neat! I wanna do it again and figure out how it works!" *press* then they go off and reverse engineer the thing

  6. I’d click it just to see what it is since I’m using Linux and 99% sure it won’t be aimed at my OS.

    “Push the big red ‘do not press’ button” syndrome is often part of the hacker personality. “But I wanna see what happens!!!” “Oh, what’s this do?” “How’s that work?” *press* “oh neat! I wanna do it again and figure out how it works!” *press* then they go off and reverse engineer the thing

  7. Yes I agree… it doen't mean anything.

    People are curious to know what hides behind this strange link.

    I agree that a lot of people aren't critical when they surf the web but this is not a common case.

  8. Yes I agree… it doen’t mean anything.

    People are curious to know what hides behind this strange link.

    I agree that a lot of people aren’t critical when they surf the web but this is not a common case.

  9. It is a fantastic article.

    Still I can't forget the day, sooo many years ago, I was formatting a floppy on the work notebook of a friend, and after digiting:

    c:> format c:

    when the system asked if I really was sure, I told myself "funny, i'm never asked this question when I am formatting a floppy", and I answered yes…

    geez, then I understood the sentence "I've never seen a mistake I could never do" by Johann W. Goethe!

  10. It is a fantastic article.
    Still I can’t forget the day, sooo many years ago, I was formatting a floppy on the work notebook of a friend, and after digiting:
    c:> format c:
    when the system asked if I really was sure, I told myself “funny, i’m never asked this question when I am formatting a floppy”, and I answered yes…
    geez, then I understood the sentence “I’ve never seen a mistake I could never do” by Johann W. Goethe!

  11. Pingback: links for 2007-05-18 | Mansoor Nathani's Blog

  12. Remember though, Windows caters to the lowest common denominator much more than Apple or Linux does. Not to say all Windows users are part of this "low-denominator" category, but it is more than likely that most low-denominator users are Windows users. Also, Linux/Mac has that "but its different" stigma that many people don't like to grapple with.

    Most folks who use computers at their jobs use Windows, so they will naturally purchase a PC with Windows on it at home. Every single company I've ever worked at has used Windows as their desktop OS…and this includes working in the Public sector.

    People who use Macs & Linux at work are probably more than likely system admins/tech-heads or graphics artists (again, a generalization), all of whom are a bit more savvy when it comes to what/what not to click on when on the Internet.

    So I think the only real data this survey gave us was that the people who clicked on that link weren't thinking, clicked accidentally, were security professionals (as stated above) or were just ignorant…I suspect it is a combination of all these – too bad there wasn't a poll at the website asking the people these questions!

  13. Remember though, Windows caters to the lowest common denominator much more than Apple or Linux does. Not to say all Windows users are part of this “low-denominator” category, but it is more than likely that most low-denominator users are Windows users. Also, Linux/Mac has that “but its different” stigma that many people don’t like to grapple with.

    Most folks who use computers at their jobs use Windows, so they will naturally purchase a PC with Windows on it at home. Every single company I’ve ever worked at has used Windows as their desktop OS…and this includes working in the Public sector.

    People who use Macs & Linux at work are probably more than likely system admins/tech-heads or graphics artists (again, a generalization), all of whom are a bit more savvy when it comes to what/what not to click on when on the Internet.

    So I think the only real data this survey gave us was that the people who clicked on that link weren’t thinking, clicked accidentally, were security professionals (as stated above) or were just ignorant…I suspect it is a combination of all these – too bad there wasn’t a poll at the website asking the people these questions!

  14. As an expert in paid search ads, I can tell you these numbers don't mean a whole lot. It's a click-through rate of only 0.15%, which would be considered by most as a failed ad. Also, chances are that most of these impressions didn't come from people search on security terms, and were probably shown on Google's network of sites that agree to show ads for a cut of the money.

    Now if this was done on a more targeted level, we could probably get some more intriguing details.

  15. As an expert in paid search ads, I can tell you these numbers don’t mean a whole lot. It’s a click-through rate of only 0.15%, which would be considered by most as a failed ad. Also, chances are that most of these impressions didn’t come from people search on security terms, and were probably shown on Google’s network of sites that agree to show ads for a cut of the money.
    Now if this was done on a more targeted level, we could probably get some more intriguing details.