Imagine yourself, on a dark, rainy day, browsing the Net and stumbling on a page that has an ad titled, “Click here to infect your PC”. Would you click on it? Of course not, right? But surprisingly, there are some people out there that will follow these kinds of links, and prove to the world they don’t have much of a brain.
If you think I’m wrong; that these kinds of situations do not exist, think again. Didier Stevens, a Belgian IT security professional, woke up one morning six months ago with the terrific idea of running an advertising campaign on a popular network, enticing people to infect their PC voluntarily.
His campaign cost him a total of $25, was displayed 259,723 times and received a total of 409 clicks. Yes—incredibly, 409 people clicked on the ad, in spite of a clearly displayed threat. When clicked, the link brought the victims to a simple, (very safe) Web page displaying these simple words: “Thank you for your visit!”. Naturally, Mr. Stevens made sure to log each visit properly so that he could compile statistics from them later.
Unsurprisingly, 98% of people that clicked on the ad ran Microsoft Windows. :)
For more details about the experiment, be sure to read Didier’s blog post on the subject.