Didier Stevens

Monday 7 May 2007

“Is your PC virus-free? Get it infected here!”

Filed under: Malware — Didier Stevens @ 6:12

Would you click on this Google ad?

drivebydownload1.png

No? Sure? Because 409 persons did!

How do I know? Because I’ve been running this Google Adwords campaign for 6 months now.

Last fall, my attention got caught by a small book on Google Adwords at our local library. Turns out it’s very easy to setup an ad and manage the budget. You can start with a couple of euros per month. And that gave me an idea: this can be used with malicious intend. It’s a way to get a drive-by download site on the first page of a search result (FYI, I’ve reported on other ways to achieve this). So I started an experiment…

  1. I bought the drive-by-download.info domain. .info domains are notorious for malware hosting.
  2. I setup a web server to display a simple page saying “Thank you for your visit!” and to log each request. That’s all. I want to be absolutely clear about this: no malware or other scripts/code were ever hosted on this server. No PCs were harmed in this experiment.
  3. I started a Google Adwords campaign with several combinations of the words “drive by download” and the aforementioned ad, linking to drive-by-download.info
  4. I was patient for 6 months

During this period, my ad was displayed 259,723 times and clicked on 409 times. That’s a click-through-rate of 0.16%. My Google Adwords campaign cost me only €17 ($23). That’s €0.04 ($0.06) per click or per potentially compromised machine. 98% of the machines ran Windows (according to the User Agent string).

In a previous post on spamdexing , I reported 6,988 click-throughs to malicious websites over a 3 month period. That’s 2,329 click-throughs per month, compared to my 68 click-throughs per month. The Spamdexing “R” Us operation was much more successful than my little experiment, but at a greater cost (they ran a bunch of dedicated web servers). I’m sure I could get much more traffic with a higher Google Adwords budget and a better designed ad.

This is how my ad looks on a search result page:

drivebydownload2.png

I designed my ad to make it suspect, but even then it was accepted by Google without problem and I got no complaints to date. And many users clicked on it. Now you may think that they were all stupid Windows users, but there is no way to know what motivated them to click on my ad. I did not submit them to an IQ-test ;-)

Recently there have been several stories in the press pointing out that this technique is used “in the wild”. That’s why I’m publishing my results now, but my experiment is still running. Of course, the nature of the experiment has changed now that I have revealed it, but it could still turn out to be interesting.

You can find a video of Google showing my ad here hosted on YouTube, and you can find a hires version (XviD) here. Not the best quality, but I wanted to show off my new Nokia N800.

I want to thank all participants of my experiment.

192 Comments »

  1. [...] “Is your PC virus-free? Get it infected here!” – Didier sent me this on the weekend. I can’t believe how many people clicked the link! Last fall, my attention got caught by a small book on Google Adwords at our local library. Turns out it’s very easy to setup an ad and manage the budget. You can start with a couple of euros per month. And that gave me an idea: this can be used with malicious intend. It’s a way to get a drive-by download site on the first page of a search result (FYI, I’ve reported on other ways to achieve this). So I started an experiment… [...]

    Pingback by www.andrewhay.ca » Suggested Blog Reading - Monday May 7th, 2007 — Monday 7 May 2007 @ 12:04

  2. Is the ad bot-proof? How can you tell that it is real people clicking on the link?

    Comment by Charlene — Monday 7 May 2007 @ 14:03

  3. [...] Of course, one can surmise that people clicked on the sponsored link thinking they were going to get help with viruses. Or maybe they just clicked out of curiosity. At any rate, it’s a great blog entry and you can read his story here. [...]

    Pingback by Hackers Blog » Blog Archive » The Amish Virus through Adwords — Monday 7 May 2007 @ 16:28

  4. Nice writeup and test Didier … however this just shows ‘normal human behaviour’ and I’ve seen this for ages now … At least you can find some free solutions which I mentioned at my blog today which you can find at http://www.anti-malware.info/weblog

    Comment by Eddy Willems — Monday 7 May 2007 @ 17:31

  5. harvesting using adblock

    Didier Stevens conducted a little experiment: What if he used adword and told people to visit his blog to get infected by a malware? His ad was saying “Is your PC virus-free? Get it infected here!” and it ran for 6

    Trackback by Of Spam & Men — Monday 7 May 2007 @ 19:47

  6. Nice experiment and write up. Well done. Just my 2 cents on the IQ of those visitors: Maybe some people clicking that link were in a hurry, and trying to “download” a solution to check if their PC is virus-free. I know that I sometimes click OK / Next / Finish without having read and analyzed every single word. “Download – Is your PC virus-free? Get it … here! Download” can be misleading.

    What I’m trying to say is that some of the visitors might need help on reading more carefully, maybe help with workload / stress levels (GTD?), and for some non-English natives the word “infected” could be a false friend to something good in their own languages. So what was “designed to make it suspect” by Didier failed with others.

    Comment by Kai — Tuesday 8 May 2007 @ 9:09

  7. What was the browser breakdown on these visitors?

    Comment by Carl — Tuesday 8 May 2007 @ 14:30

  8. [...] “Is your PC virus-free? Get it infected here!” is an interesting experiment by Didier Stevens. Whilst he declares that 98% of the visitors were Windows users it’s a shame he doesn’t say what the browser breakdown was. Unfortunately it leaves me asking more questions than it answers, but I’ve asked for more info [...]

    Pingback by Carls Blog » Blog Archive » Drive-by Download — Tuesday 8 May 2007 @ 14:30

  9. @Charlene

    I’ve also wondered if the click-throughs came from humans or from programs for click-fraud. I know that Google fights click-fraud in its Adwords program by observing click patterns. There are 416 hits in my logs and 409 clicks reported by Google, I think the 7 missing hits are bots that Google detected.

    Comment by Didier Stevens — Tuesday 8 May 2007 @ 19:08

  10. @Kai

    About the design of the ad: Google Adwords limits the text of an ad. For example, Adwords refused my ad that said “Click here to get infected!”. The alternative, “Get it infected here!” was accepted.

    Comment by Didier Stevens — Tuesday 8 May 2007 @ 19:13

  11. @Carl

    Here is a breakdown:

    IE 5.5 1
    IE 6.0 286
    IE 7.0 48
    Safari (419.3) 1
    Opera 9.01 1
    Opera 9.10 1
    Firefox 1.0 7
    Firefox 1.5.0.7 9
    Firefox 1.5.0.8 2
    Firefox 1.5.0.9 3
    Firefox 2.0 3
    Firefox 2.0.0.1 6
    Firefox 2.0.0.2 1
    Firefox 2.0.0.3 21
    SeaMonkey 1.1 2
    AdsBot-Google 24

    Total 416

    There are 416 hits in my logs and 409 clicks reported by Google, I think the 7 missing hits are bots that Google detected.

    Comment by Didier Stevens — Tuesday 8 May 2007 @ 19:18

  12. It’s interesting to note that the various versions of Firefox had a substantially large number of hits – I’d be curious to compare the breakdown of clicks by browser to the market-share percentages of the various browsers. It looks like using Firefox rather than IE is no guarantee that you’re any more clueful than your average IE user. Or perhaps Firefox users feel more invulnerable, it’s hard to say. It is amazing that anyone clicked at all. Athough, I have the “junk” computer that I regulaarly nuke and pave, that’s isolated outside my firewall that I use for amusement purposes to see what diseases I’ll pick up wandering around the Internet. If I’d seen the ad, I might’ve clicked on it myself :-)

    Comment by Bill Bohrer — Wednesday 9 May 2007 @ 14:44

  13. [...] lo que han hecho un montón de personas en un “experimento” ¿sociológico? hecho por Didier Stevens. Es decir, picar con la [...]

    Pingback by InfoSecMan Blog » Blog Archives » No Leas Esto — Wednesday 9 May 2007 @ 16:48

  14. Barely 10% is hardly “substantial”, and IE users are more prone to problems, hence the higher interest versus, say, the couple Apple users who generally don’t have to worry about such problems. The way the text reads I wouldn’t be surprised if Aunt Betty or Grandma Martha or cousin Cletus misunderstood the banner. I’d be most interested in knowing how many of those clicks came from technical people actually interested in seeing what someone had set up to infect others.

    Comment by ReallyEvilCanine — Wednesday 9 May 2007 @ 17:25

  15. I think the Firefox users suffer from arrogance. (I know that I do :) ) We’re so certain about our personal security, that we click on things anyway. [Adblock/NoScript]

    Comment by Jason Mac — Wednesday 9 May 2007 @ 18:11

  16. @Didier && @Bill

    Thanks for getting the browser stats up. My main interest was what ‘type’ of users these were. If I was a security researcher and/or involved in debugging such an issue would I be running FF? Would I be viewing it on a sanitized/throw away virtual machine? Would I really be using IE?

    Vague brain dump would suggest that most of the IE users who clicked are hapless fools or pointy haired boss types (do they go in the same category?!?) and a very small percentage are fearless FF users interested to see what it is or again in the hapless fool category…

    Unfortunately its all just guess work as FF may be considered ‘main stream’ nowadays and without further research, guess work is all it’ll be for now :(

    Interesting anyway and thanks again for posting Didier.

    Comment by Carl — Wednesday 9 May 2007 @ 18:44

  17. I’ve also been wondering about security researchers visiting the site. 2 remarks:
    - I usually use wget on a Linux box to access a suspect site, without changing the User Agent string. I know of other researchers also using wget. There were not wget user agent strings in my logs.
    - Suppose the researcher doesn’t click on the ad, but goes to the site directly with wget. If he doesn’t provide a referer to wget, there won’t be a referer in my logs. I have about 100 entries without referer.

    Comment by Didier Stevens — Wednesday 9 May 2007 @ 19:43

  18. [...] belgische Blogger Didier Stevens hat in den letzten sechs Wochen eine Test bei Google-Adwords durchgeführt. Er hat eine Anzeige [...]

    Pingback by Ist Ihr PC virenfrei? Infizieren Sie sich hier! - aritso-blog — Thursday 10 May 2007 @ 8:14

  19. [...] Get it infected here!” So lautete der Anzeigentext der Google AdWords Anzeige, die Didier Stevens über ein halbes Jahr schalten ließ. Dazu kaufte er mehrere Variationen des KeyWords [...]

    Pingback by SearchLab - SEO-Blog » Blog Archive » Werbung verspricht Malware, würdest du klicken? — Thursday 10 May 2007 @ 14:57

  20. [...] In den 6 Monaten ist die Werbung bei Google 259723 mal angezeigt und tatsächlich 409 mal angeklickt worden. Wer den Artikel mal lesen will: Didier Stevens Blog [...]

    Pingback by Malte Domsky » Blog Archiv » “Is your PC virus-free? Get it infected here!” — Thursday 10 May 2007 @ 20:22

  21. Some of your visitors may well have been Linux or BSD users who figured they could fend off whatever you presented to them. (And possibly claiming to be IE users….)

    Comment by David Harmon — Monday 14 May 2007 @ 12:26

  22. I wonder how much of that was just inadvertant clicks. I don’t think I’ve ever actually clicked on a google adword (or any other kind of advertising on a site) intentionally, but I have just accidentally clicked in the past. Of course, I compulsively select big bunches of text while I’m browsing, generally, so perhaps that’s just me.

    Comment by CJ — Monday 14 May 2007 @ 14:38

  23. Mind you, Spike Milligan reputedly once placed an ad in the back of the satirical magazine Private Eye reading: “Wanted – rich elderly widow – object, murder” and got several replies.

    Comment by Richard — Monday 14 May 2007 @ 15:12

  24. This is typical corporate user behaviour. Users in general do NOT think about what they click on, they just see something that grips their ferret-like attention for a split second and they go for it. Users on “my” networks in the past have clicked on emails with the subject “a Love letter!”, with local politicians names as senders, without wondering whether it is reasonable that the mayor would send a hot letter to the local park wardens. It is a miracle that these people do not actually lick wall sockets on a regular basis. It’s been a decade since I had any hope at all concerning the future for humans…

    Comment by HQ — Monday 14 May 2007 @ 15:17

  25. I agree with Jason Mac “. . . We’re so certain about our personal security, that we click on things anyway. [Adblock/NoScript]”

    Being the helpful souls we are I’m certain at least a few of them were prepared to find out who was doing this and nail their a** to the wall.

    Comment by Matthew Carrick — Monday 14 May 2007 @ 15:44

  26. I run Linux, so I have no reason to fear clicking such a link.

    Comment by Joe Buck — Monday 14 May 2007 @ 16:10

  27. [...] Schneier points us to a story from a person who decided to see how many people would click on a Google Adwords link that was [...]

    Pingback by The Connected Lawyer » A Foolproof Way to Infect Your PC with Malware — Monday 14 May 2007 @ 17:19

  28. I don’t think this would be a very viable method of disseminating malware:

    1) Malicious people generally don’t like paying for things. There are cheaper/free ways of accomplishing the same thing.

    2) Using Adwords would make it incredibly easy to trace the malware back to the source. You’d have to be incredibly stupid to actually do this (unless you used stolen credit cards etc)

    3) If your site actually contained something malicious, how long do you think Google would tolerate it? I’d bet that after the first complaint they would remove your account.

    Interesting experiment though.

    Comment by Tom — Monday 14 May 2007 @ 20:41

  29. It has recently been used by malware authors, McAfee has blogged about it and I refer to another article in my post. And here is another one: http://blog.washingtonpost.com/securityfix/2007/04/virus_writers_taint_google_ad.html

    Comment by Didier Stevens — Monday 14 May 2007 @ 20:53

  30. [...] blogger Didier Stevens. Die von ihm bei Google geschaltete Anzeige mit der Überschrift “Is your PC virus-free? Get it infected here!” blieb mehr als 6 Monate im Adwords-System der Suchmaschinenfirma (evtl. weil die verlinkte [...]

    Pingback by Trierer Medienblog » Gefährliche Internetseiten — Monday 14 May 2007 @ 22:11

  31. [...] “Is your PC virus-free? Get it infected here!” Would you click on this Google ad? [image] No? Sure? Because 409 persons did! How do I know? Because I’ve been […] [...]

    Pingback by Top Posts « WordPress.com — Tuesday 15 May 2007 @ 0:01

  32. I often click on obviously malware infested links just to see what the scam is. Trusting the security I have set up on my Mac and web browser, I’ve never beeen victimized. I suspect as do others, that a number of those clicks are from the security curious out there.
    However, I also firmly believe that the average computer user is a complete dolt when it comes to knowing anything about the malicious intent behind phishing schemes, moronic “search bars”, and shiny objects that they can download.

    Comment by Don in Indiana — Tuesday 15 May 2007 @ 9:08

  33. @Don
    I don’t suppose you change the User Agent string of your browser to spoof MS IE ;-)

    Comment by Didier Stevens — Tuesday 15 May 2007 @ 9:20

  34. [...] Didier Stevens purchased this lovely little google ad – that offered to download a viurus to your PC. and 409 people clicked on it. [...]

    Pingback by People will click on anything it seems « Lance Wiggs — Tuesday 15 May 2007 @ 9:36

  35. Linux FTW.

    Comment by Sam — Tuesday 15 May 2007 @ 15:21

  36. [...] proof that people are morons Hundreds Click on Google Ad Promising to Infect Their PCs [...]

    Pingback by More proof that people are morons - Nissanclub.com Nissan Enthusiast Forums — Tuesday 15 May 2007 @ 17:26

  37. [...] going to infect their system, they’ll go download it.  The original article goes into more detail about the process, and the [...]

    Pingback by Tom Comeau, Geek Dad — Tuesday 15 May 2007 @ 18:16

  38. I’m not surprised at how gullible people are, and also if you had stated that you knew who they are… I once just had it state “How is it in ____.” (getting their rough address via their IP and sometimes geo info.) And that got a number of comments of please stop tracking me, and leave me alone.

    Comment by litwc — Tuesday 15 May 2007 @ 18:20

  39. [...] writes in his blog: I’m sure I could get much more traffic with a higher Google Adwords budget and a better designed [...]

    Pingback by Beyond Niche Marketing » Taking Viral Marketing to a New Level — Tuesday 15 May 2007 @ 18:41

  40. [...] 1C0D49A102278EBA2CB2D1A4497810A6 Filed under: Malware — Didier Stevens @ 18:56 1C0D49A102278EBA2CB2D1A4497810A6 is the MD5 hash of a statement I make about my ongoing Google Adwords experiment. [...]

    Pingback by 1C0D49A102278EBA2CB2D1A4497810A6 « Didier Stevens — Tuesday 15 May 2007 @ 18:56

  41. @Bill Bohrer

    According to Net Applications, Firefox now holds 15.4 percent of the browser market, while Internet Explorer has 78 percent. So having 80.5% of the clickthrus(335) coming from IE users is probably means that Net Apps estimates are pretty darn close.

    Firefox represented 12.5% (52 clickthrus) which tells me that for the normal public at large, discounting the large savvy base of geeks, designers and techies who use Firefox — the stats are saying that people are just as ignorant regardless what browser they use.

    Comment by WebStractions — Tuesday 15 May 2007 @ 21:43

  42. [...] not sure if I could write a spammier ad. Didier Stevens ran this ad on Google. 409 people at a CTR of 0.16% clicked on the ad. I shudder to think what [...]

    Pingback by Users are the weakest link. Latest studies on security - Naffziger’s Net — Wednesday 16 May 2007 @ 6:26

  43. Psychology explains all. When people scan something quickly they interpret it as what they want / expect. I suspect people read it as “Is your PC virus-free? Get it de-infected here!” With the simple addition of “de”. Their subconscious would have considered it highly unlikely to have been “infected” – as that would be stupid and make no sense for someone to advertise. So in many ways these people could be classed as too quick and too clever rather than the low IQ you suggested above ;) Additionally you could still have advertised as “de-infected” and would probably have got MORE clicks that way with which to infect computers. What you highlighted is not a flaw in the security / a new way in, quite the opposite, it is rather about human psychology.

    Comment by Andrew — Wednesday 16 May 2007 @ 9:37

  44. Oh yeah, that’s true, it’s all about psychology.

    And just to be clear: I make no claims about the IQ of the users, or even about any other of their characteristics. I just have stats from Google and logs from the site, I don’t measure human characteristics, hence I can’t report on it.

    Comment by Didier Stevens — Wednesday 16 May 2007 @ 10:04

  45. Sorry I miss-read what you said. Another example ;) Interesting study though and good points brought home about psychology.

    I did just have a think more about the security. I’ve not created google ads so I can see it from the user point of view. I have to say there is perhaps a confidence many of us have in googleads. There is an assumption they are from big corporations who paid a lot of money put them up there high in the ranking. And perhaps an assumption that google vet the big ones. But it sounds like some smaller ones are “let through” at random. So even with a broad topic you could get the odd small ad. These are hard to vet and could be from anybody. Can you please affirm this?

    Comment by Andrew — Wednesday 16 May 2007 @ 10:26

  46. [...] turvaspetsialist Didier Stevens kinnitab, et seda tegi tervelt 0,16% neist, kellele vastavasisulist reklaami [...]

    Pingback by Arvutikaitse » Blog Archive » “Tahad oma arvutisse värsket viirust? Kliki siia!” — Wednesday 16 May 2007 @ 10:31

  47. There is QA from Google when you setup an Adwords campaign, but it’s my impression that it is all automated. At first I submitted an add which said “Click here to get your PC infected”, but this was immediately refused. Apparently, your ad cannot have a phrase that starts with “Click here” or something similar.
    I got several mails from Google when I started my Adwords campaign, but they all looked machine generated.

    And on a side note, I also believe that many persons don’t even know or understand that these are ads, they just think they are Google search results.

    I also added a robots.txt file to the site to instruct search engine spiders to ignore my site.

    Comment by Didier Stevens — Wednesday 16 May 2007 @ 10:53

  48. hi, i have another problem with this ad: i am working (office and home) on a macintosh system for EVERYTHING (games, internet, work …) and i wanna get infected also. but i cannot! that is discriminating! isn’t there somebody out there who can do such an infection thing for a mac??? my iq is about 60 (i don’t know, is this much????). ;-)

    Comment by Stephan Andreas Niemann — Wednesday 16 May 2007 @ 11:07

  49. [...] Un phénomène dangereux qui se propage à grande échelle, même via de la publicité en ligne. Quelqu’un a fait une expérience assez folle avec AdWords affichant un texte qui dit “Votre PC est sans-virus? Venez [...]

    Pingback by Etude Google : Un site web sur dix contient des Malwares | L’actualité de l’IT — Wednesday 16 May 2007 @ 11:12

  50. I would have clicked that link. Just out of amusement and curiousity. I would have assumed it was either a jokey advert, or a typo – either way I would have wondered who was behind it. It doesn’t really prove much – if you had hosted a (harmless) downloadable executable and monitored who downloaded it, that would have been more relevant.

    Comment by Ian Ferguson — Wednesday 16 May 2007 @ 11:23

  51. “my iq is about 60 (i don’t know, is this much????).”

    This comment is clearly spoofed, with an IQ of 60, you wouldn’t be able to write it ;-)

    Comment by Didier Stevens — Wednesday 16 May 2007 @ 11:27

  52. But surely … lots of people would just be curious, I was maybe be tempted to click it.

    Comment by Roger — Wednesday 16 May 2007 @ 11:27

  53. [...] bei Didier Stevens via Slasdot. Share [...]

    Pingback by Click Here To Infect Your PC! | Wissen belastet — Wednesday 16 May 2007 @ 11:28

  54. I don’t know if you have the saying in America, but in Britain we say “Curiosity killed the cat ;)

    Personally, I would not knowingly click on something offering to infect my PC. And I think that applies to most users too. It would be asking for it. What with all the talk of viruses out there most people are rightly concerned.

    The real results of this experiment is that many people seem to trust adwords – and/or as Didier said – think they are officially ranked searched results.

    Comment by Andrew — Wednesday 16 May 2007 @ 11:47

  55. People trust adwords when in fact they are not checked out seriously by google. As the letting through of this advert with such wording has shown. To be fair we cannot expect all adverts to be checked by google, especially if the don’t cost much. But what most people don’t know is that such unchecked adverts can still rank high sometimes in the results.

    Comment by Andrew — Wednesday 16 May 2007 @ 11:50

  56. [...] sperimentatore ha fatto un esperimento e Stefano Quintarelli lo ha segnalato.Ha fatto girare una pubblicità [...]

    Pingback by AlBlog : Alberto Blog! Connettività, VoIP, P2P e… » Windows stupido? — Wednesday 16 May 2007 @ 11:53

  57. You’ve shown a breakdown by browser type. Do you have a similar breakdown for (reported) operating system?

    Comment by Soruk — Wednesday 16 May 2007 @ 11:57

  58. Point granted about the Google QA, but strictly speaking, the Google ad cannot deliver the malware, it’s the website being pointed to that can deliver it. We know Google is taking action to warn users of suspicious sites. And I my experiment, the website isn’t suspicious.

    Comment by Didier Stevens — Wednesday 16 May 2007 @ 11:58

  59. @Soruk

    98% was Windows. There was 1 Mac and 3 or 4 Linuxes. I can report a detailed Windows breakdown later today should you want me to.

    Comment by Didier Stevens — Wednesday 16 May 2007 @ 12:11

  60. Such a simple concept, but a brilliant experiment never the less!!

    Comment by Anthony Mills — Wednesday 16 May 2007 @ 12:18

  61. I just tried a Google searchinb for “drive-by download” and “drive by download”. The first didn’t display any ads, while the second displayed some, but not yours.

    I wanted to see what SiteAdvisor said about the site. That is, if it had a green check next to the link. If it did, that could get some people curious about the discrepancy.

    Comment by Kenb215 — Wednesday 16 May 2007 @ 12:24

  62. Did you take a look at the geographic breakdown? It is conceivable that a good portion of those that clicked didn’t have English as their first language.

    Comment by Denoir — Wednesday 16 May 2007 @ 12:43

  63. Heh, heh. 98% _is_ a higher representation of Windows users than the percentage of Windows users on the net. Is it significant? Quarter of a million clicks, I’m guessing probably.

    A reason for breaking it down could have been to eliminate snotty little people like me running linux who might have clicked it just to be “cute”. But it looks like that was hardly an issue at all.

    Comment by smchris — Wednesday 16 May 2007 @ 13:00

  64. That’s it, turn in your keyboard

    Didier Stevens set up this little blurb in Google Adwords, just to prove a point, and the point seems to be that there are a lot of idiots out there: over four hundred people actually clicked on it. No, he…

    Trackback by dustbury.com — Wednesday 16 May 2007 @ 13:16

  65. Are you sure the people that clicked on it didn’t just have a *sense of humour*??

    Comment by Stephen — Wednesday 16 May 2007 @ 13:43

  66. Since there were no virus, I’ll argue that it was perfectly safe to click, thus not stupid.

    Though I’d probably disable javascript and anything else before cliking stuff like that.

    Comment by PMB — Wednesday 16 May 2007 @ 14:50

  67. [...] How do computer viruses spread? Click here to find out. [...]

    Pingback by How do computer viruses spread? « The Alabama Moderate — Wednesday 16 May 2007 @ 15:12

  68. [...] Click Here! [...]

    Pingback by A Dolphin’s Journal of Events » Blog Archive » Is your pc virus free? Get it infected here! — Wednesday 16 May 2007 @ 15:16

  69. [...] por Reign of Erebus ligado Maio 16th, 2007 Um pesquisador de segurança online fez uma experiência. Criou um anúncio através do Google AdWords com o texto: “Seu computador está livre de [...]

    Pingback by Novo recorde de estupidez online « Ceticismo, Ciência e Tecnologia — Wednesday 16 May 2007 @ 15:43

  70. When I see this kind of ads on the net, first of all I supposed that’s a joke. Who wants to infect computers as explicit like that? The ones who clicked on this ads probably to validate the joke theory, or even to test the security on their computer.

    Many campaigns exists about “don’t push this button, don’t look into this, etc.” I can’t imagine that only idiots are concerned by these, I prefer believe in curiosity.

    So, the experience is very interesting. :)

    Comment by Drak — Wednesday 16 May 2007 @ 16:00

  71. [...] “Is your PC virus-free? Get it infected here” « Didier Stevens [...]

    Pingback by 256 shades of (th)ink Ma gli utenti windows sono più scemi degli altri? « — Wednesday 16 May 2007 @ 16:10

  72. [...] Check it out here [...]

    Pingback by The Hack Factor » Click Here To Infect Your PC! — Wednesday 16 May 2007 @ 17:15

  73. The reason why people click all the malware/trojan links in email, popups, ads, etc is because people just do not read and generally lose all common sense when using a PC.

    I call these people machine-gun-clickers. They read nothing, and click everything. As soon as you put a mouse in their hands its clickityclickityclickity. It is complete stupidity. Patience, a little bit of reading… keeps your computer safe. I’ve been in I.T. long enough to realize that a person’s I.Q usually drops 50% when they are using the computer.

    If I came to your door, and asked you if I could infect you with a virus (AIDS for example), would you invite me in, and sign a contract without reading it…I highly doubt it. Would you assume it was a joke? Ask the same thing on a PC and look at the results.

    Comment by phr0zen — Wednesday 16 May 2007 @ 17:24

  74. Why don’t you just leave a form on your site telling them the purpose of your experiment and ask them why they clicked on the ad? Sure, you will get some BS but it should be informative in any case.

    Comment by MESF — Wednesday 16 May 2007 @ 18:29

  75. [...] If you ever needed proof that people just aren’t smart enough to use computers (or anything else apparently) you need to check out Drive By Download. [...]

    Pingback by Sheep Guarding Llama » May 15, 2007: Farmer Day — Wednesday 16 May 2007 @ 18:34

  76. dobre hehehe:D pozdro

    Comment by Hubert — Wednesday 16 May 2007 @ 18:52

  77. [...] Onde Vai a Estupidez Humana? Um pesquisador de segurança online fez uma experiência. Criou um anúncio através do Google AdWords com o texto: “Seu computador está livre de vírus? [...]

    Pingback by Até Onde Vai a Estupidez Humana? « Nada Normais — Wednesday 16 May 2007 @ 19:19

  78. [...] tu PC libre de Virus? Infectate aquí! El belga Didier Stevens realizo un interesante experimento, resulta que decidió comprar un dominio con apariencia [...]

    Pingback by talishte » Blog Archive » Adwords y los Virus — Wednesday 16 May 2007 @ 20:08

  79. [...] more details about the experiment, be sure to read Didier’s blog post on the subject. Share and Enjoy: These icons link to social bookmarking sites where readers can [...]

    Pingback by Taking human stupidity to new extremes: Click here to infect your PC | [Geeks Are Sexy] Technology News — Wednesday 16 May 2007 @ 20:10

  80. [...] The full article is on the researcher’s blog. It really is amazing what some people will do given the chance. [...]

    Pingback by Mark Gilbert’s Blog » Please Infect My PC — Wednesday 16 May 2007 @ 20:41

  81. I clicked on it. So what? What was the point of this study?

    Comment by Chan — Wednesday 16 May 2007 @ 20:43

  82. Speculation about *why* people clicked isn’t likely to be resolved without looking at *how* these people came to be there. Your average user would not be entering the search term “drive by download” into Google. These were clearly sophisticated users who had some knowledge of the potential danger. For this to be meaningful you would need to place the ad on pages likely to be seen by people with an even distribution of computer skills.

    Comment by Nick — Wednesday 16 May 2007 @ 20:45

  83. Your N800 doesn’t look any less clumsy than my Nokia 770. In fact, I do like the hard metal cover thingy. :)

    Comment by Mazin — Thursday 17 May 2007 @ 1:00

  84. OMG, that is a classic, is it any wonder spam is such a problem when people don’t read before they just click away.

    Comment by Andrew — Thursday 17 May 2007 @ 1:00

  85. [...] a way we could consider this test, originally set up by Didier Stevens, as an insignificant factor in click behavior- subtracted from click metrics in general, and seen [...]

    Pingback by Adventures in Email Marketing » Metrics: The Anti-Click | — Thursday 17 May 2007 @ 1:36

  86. How can you be certain that they weren’t spoofing their UA?

    Comment by supercheetah — Thursday 17 May 2007 @ 2:09

  87. [...] Didier Stevens, we have this little bit of WTFery. Simply put, this security researcher set up a Google ad stating “is [...]

    Pingback by The Angry People! » PEBKAC — Thursday 17 May 2007 @ 4:05

  88. [...] that I have a little trouble restraining myself. So when I came across an article on Wired about Didier Stevens Google AdWords experiment, I knew I had to see if I’m the only curious cat out there. Stevens [...]

    Pingback by Trend Squad » Blog Archive » Would You Click On A Risky Link? — Thursday 17 May 2007 @ 4:35

  89. [...] on Google being used to steal bank passwords, a security researcher named Didier Stevens discussed an experiment he’d been running, to see how much traffic he could get using this same sort of tactic, with [...]

    Pingback by Computer Security Research - McAfee Avert Labs Blog — Thursday 17 May 2007 @ 10:25

  90. [...] recorde de estupidez online Um pesquisador de segurança online fez uma experiência. Criou um anúncio através do Google AdWords com o texto: “Seu computador está livre de [...]

    Pingback by Novo recorde de estupidez online « Léo Mello. - Compartilhando ócio - — Thursday 17 May 2007 @ 17:52

  91. It’s truly frightening how quickly people click without reading. I’m CERTAIN that most thought they were visiting a free virus removal site…. which is even more sad when you think about it.

    I’ve always looked upon “free” virus removal sites with distrust.

    Comment by Divva — Thursday 17 May 2007 @ 17:58

  92. [...] posted at the Didier Stevens Blog by Didier Stevens Filed under: Malware — Didier Stevens @ [...]

    Pingback by » “Is your PC virus-free? Get it infected here!” > Vincent Arnold — Friday 18 May 2007 @ 4:10

  93. [...] (and sometimes first few search results) of a Google search results page. Didier Stevens did an interesting experiment to demonstrate how easy it was for a malicious site to get an ad in a high position, where it might [...]

    Pingback by Security Views » Didier — Friday 18 May 2007 @ 4:27

  94. I honestly would click on it just to see what happened.

    Mind you, I’m also fairly confident that the machine I’m using wouldn’t be infected. ;)

    Comment by Revenant — Friday 18 May 2007 @ 5:38

  95. Human curiosity is a marvelous thing,,, I think you could put in any combination of wording in your ad, offering various degrees of bad and / or harmful results, and some percentage of the population would click on it just to see whats behind it all… The full range of human conditions are always on hand to be exploited: greed, curiosity, gullibility, laziness, etc – con artists make a living off of this, hackers exploit it to various ends, and it won’t ever change. “Caveat Emptor” was documented 2000 years ago, and human nature has yet to make a permanent adjustment to take this into account. But perhaps a bit of eductation and exposure will save a few uncautious souls from falling into the pitfalls of modern technology.

    Comment by Just Another Monkey — Friday 18 May 2007 @ 7:37

  96. [...] Stevens said in his blog that he ran his Google Adwords campaign for six months. “Last fall, my attention got caught by a small book on Google Adwords at our local library,” he wrote. “Turns out it’s very easy to set up an ad and manage the budget. You can start with a couple of euros per month. And that gave me an idea: this can be used with malicious intent. It’s a way to get a drive-by download site on the first page of a search result. So I started an experiment…” [...]

    Pingback by Security Bytes » A sad experiment — Friday 18 May 2007 @ 9:27

  97. No doubt ! people get attracted to something different, and some may have not read the description clearly and thought of some cool download.

    Comment by Mohd. Hashim Khan — Friday 18 May 2007 @ 11:48

  98. [...] on Google being used to steal bank passwords, a security researcher named Didier Stevens discussed an experiment he’d been running, to see how much traffic he could get using this same sort of tactic, with sort [...]

    Pingback by McAfee Avert Labs Blog - An experiment in using sponsored ads for malware - Chris Mosby at myITforum.com — Friday 18 May 2007 @ 16:20

  99. [...] libre de virus tu ordenador? ¡Inféctalo aquí!. Divertido experimento el que hace Didier Stevens para demostrar algo que ya sabíamos: que hay mucha gente que no lee [...]

    Pingback by Un lugar en el mundo… » Blog Archive » Retazos de la semana (y XXI) — Saturday 19 May 2007 @ 4:31

  100. “We have met the enemy and he is us”.

    Following the pivotal U.S. victory in The Battle of Lake Erie, on September 10, 1813, Navy Commodore Oliver Hazard Perry sent the following message to Army General William Henry Harrison: We have met the enemy, and they are ours. Many

    Trackback by Trucker Tech — Saturday 19 May 2007 @ 20:43

  101. I just did (with Linux) to see what did (not) happen :-))

    Comment by Kees — Sunday 20 May 2007 @ 9:34

  102. Google Adwords Experiment with Driveby Downloads

    A security researcher named Didier Stevens posted a Google ad that actually said “Is your PC virus free? Get infected here!” with a title of Driveby Download and it was clicked on 409 times out of 259,723 impressions. I remember seeing this…

    Trackback by Jimmy Daniels — Monday 21 May 2007 @ 6:04

  103. [...] Filed under: Malware — Didier Stevens @ 6:49 After last week’s world-wide entertainment, I’m continuing with the more serious topic of steganography and rainbow tables, but first a [...]

    Pingback by Click Fraud « Didier Stevens — Monday 21 May 2007 @ 6:49

  104. [...] un post dedicado a las campañas de descargas indeseadas, Stevens comenta que se le ocurrió la idea tras [...]

    Pingback by » Anuncio ofreciendo ‘infecciones para Pc libres de virus’ recibe cientos de clics | Maikelnai’s blog — Monday 21 May 2007 @ 15:48

  105. Thats was a good experiment to test users for clicking the bad banners. Many users clicks the banners like “Get smilies here!” or “Get free moneys here!”, or others. I will give your article 5/5 for details, explanation, and more. :D :)

    Comment by PowerPatrick — Monday 21 May 2007 @ 18:19

  106. [...] Didier Stevens comenta su idea [...]

    Pingback by elblogdeffuentes.cl » Anuncio ofrece infectar tu PC gratis! — Tuesday 22 May 2007 @ 17:15

  107. [...] business, your job is not as hard as you think. Take a vacation. And maybe spend a little time on Steve Didier’s blog. digg_url = ‘http://techchickblog.com/2007/05/22/click-here-to-get-infected/’; digg_title = [...]

    Pingback by Tech.Chick.Blog » Click here to get infected — Tuesday 22 May 2007 @ 18:08

  108. […]Computer specialist Didier Stevens put up a simple ad, with the help of adwords,[…]

    Comment by juventuscadillac — Wednesday 23 May 2007 @ 19:34

  109. [...] his blog, Stevens remarked on the inexpensive ease of which an ad can be set up on Google. Sinister minds require the [...]

    Pingback by Some People Will Click On Anything » WNW Design - Web Design & SEO — Thursday 24 May 2007 @ 8:08

  110. [...] que o mundo está de pernas pro ar? Que dizer de alguém que paga €17 para colocar na internet o seguinte anúncio: ‘Seu PC está livre de vírus? Contamine ele aqui!’ E vou além. O anúncio foi ao ar [...]

    Pingback by Anotações esporádicas para eventuais falhas de memória — Friday 25 May 2007 @ 0:26

  111. I find the whole experiment meaningless.

    It didn’t mean google was allowing a malicious advert, since your advert was not actually malicious.

    It didnt mean that 0.2% of people want to get infected.

    So in fact all you can say is “I ran an experiment and I got a null result”.

    Your press release is “spin”, so congratulations on your successful experiment , testing the world media.
    You have found that you can produce a press release about a failed and very obscure and unimportant experiment that gets world press, by hiding the fact it is a failed experiment in the spin.

    I am aware of the problems of having syndicated advertisements (and centralised web usage tracking ) but making false claims by using a failed experiment is against that cause, isnt it ?

    Comment by Leon — Friday 25 May 2007 @ 1:50

  112. I didn’t make a press release. http://en.wikipedia.org/wiki/News_release
    And I don’t have ads on my site.

    Update:
    Just though about something: if you see ads on my blog here, there is a possibility that you have adware on your machine, for example in the form of a BHO for MSIE.

    Comment by Didier Stevens — Friday 25 May 2007 @ 6:31

  113. [...] Publicado Maio 28th, 2007 Uncategorized Um pesquisador de segurança online fez uma experiência. Criou um anúncio através do Google AdWords com o texto: “Seu computador está livre de [...]

    Pingback by Novo recorde de estupidez online « % absolute ? — Monday 28 May 2007 @ 0:57

  114. [...] Hela historien hittar du hos Didier själv. [...]

    Pingback by Du kan vara ett folk som klickar på utlovat virus « Informatören och grannen i 2.0 — Monday 28 May 2007 @ 11:02

  115. [...] podría pensarlo, hasta que lee la historia que publicó el experto en seguridad Didier Stevens en su blog: hace seis meses Stevens compró el [...]

    Pingback by El Diablo en los Detalles | Naturaleza Humana #1: No puedo evitar hacer "click" — Monday 28 May 2007 @ 13:10

  116. [...] his blog, Stevens remarked on the inexpensive ease of which an ad can be set up on Google. Sinister minds require the [...]

    Pingback by Some People Will Click On Anything - Internet Insider Report — Monday 28 May 2007 @ 16:21

  117. [...] Link #1: http://didierstevens.wordpress.com/… [...]

    Pingback by Chad’s News - Click Here To Install Virus — Monday 28 May 2007 @ 18:32

  118. And how many people were using Sandboxie, Bufferzone, Powershadow, Defensewall or similar that clicked on the “Get me infected” link.

    I did and was disappointed there was no infection.No realtime or on demand blacklist AV’s are used here and I consider myself far safer by using Sandboxie and Powershadow.

    Now give me some links to some real infections, even Killdisk, as I feel like having a some fun!

    Comment by Oneder — Wednesday 30 May 2007 @ 0:35

  119. Well, I searched “download virus” today (6/2/07) and one of the Google ads was:

    Free – Virus Download
    Download your free
    Virus Program Download.
    http://www.VirusDetections.info

    A clumsily worded ad for an antivirus program? A malware site pretending to be free antivirus but not clear on the English language? Or a social experiment?

    Comment by AlphaCentauri — Saturday 2 June 2007 @ 20:55

  120. I was wondering about your comment: is it real or is it spam? :-)

    Comment by Didier Stevens — Tuesday 5 June 2007 @ 19:59

  121. Nice ;)

    Comment by Proxy — Wednesday 6 June 2007 @ 15:49

  122. Wouldn’t you click smth like that?
    Well, I would maybe clicked it too, just for curious.. though no probably not, I don’t need an antivirus, and that slogan was actually more of a antivirus slogan not virus slogan.
    People would expect afetr clicking some text like:
    “This is how you could get virus to your computer, download our antivirus bla bla bla…”

    Comment by ei ütle — Friday 8 June 2007 @ 10:05

  123. [...] специалист по безопасности Дидье Стивенс на практике убедился, что объявление заинтересовало 0,16% [...]

    Pingback by Infosecurity » Blog Archive » «Ваш компьютер свободен от вирусов? Заразите его здесь!» — Friday 8 June 2007 @ 11:43

  124. [...] Personalized search allows users to search for less specific queries and forces trust of the engine to deliver the best results. Michael believes Google is in essence creating “Google addicts” and dumber search behavior. If anyone has seen ”Idiocracy”, this scares the crap out of me. I will hold off on a rant, but the last thing we need are dumber searchers when people are already clicking on ads that tell them they are about to download a virus! [...]

    Pingback by Personalized Search Session at SMX Advanced — Friday 8 June 2007 @ 13:33

  125. [...] wie gesagt – das war bislang so. Jetzt es ist es damit vorbei. Denn jetzt hat der Belgier Didier Stevens bewiesen, was ich immer schon ein wenig befürchtet habe: Es gibt genügend Anwender, die [...]

    Pingback by PC-Business Know How! » » Klick mich! — Friday 15 June 2007 @ 16:30

  126. i wanted to get a virus!!!!!

    Comment by shawn rager — Saturday 30 June 2007 @ 13:48

  127. [...] o son, directamente, estúpidos”. Pero Stevens dijo que detrás no había ningún virus, que sólo era un experimento para demostrar que este tipo de sistemas de anuncios pueden ser usados con intención maliciosa (el [...]

    Pingback by Do you want a crisp virus for breakfast? Apparently, some folks did. « Aussie — Sunday 8 July 2007 @ 9:51

  128. [...] despots, able to impose their will on the system as they see fit. This makes it easy for users to unwittingly compromise their security, by granting rights to ostensibly friendly or useful programs, web sites, and [...]

    Pingback by Dan R Smrt » Blog Archive » Of Kings and Computers: Work and Play as Non-Administrator — Saturday 14 July 2007 @ 2:36

  129. [...] 17th, 2007 Didier Stevens has done a great job wit his AdWords experiment. He bought a cheap *.info domain, paid couple of euros to Google for “Is your pc virus free? Get [...]

    Pingback by seclog — Tuesday 17 July 2007 @ 12:20

  130. [...] que o mundo está de pernas pro ar? Que dizer de alguém que paga €17 para colocar na internet o seguinte anúncio: ‘Seu PC está livre de vírus? Contamine ele aqui!’ E vou além. O anúncio foi ao ar [...]

    Pingback by anotações esporádicas para eventuais falhas de memória » *Para ler ouvindo De Onde Vem A Calma - Los Hermanos. — Friday 27 July 2007 @ 20:42

  131. [...] kan ställa sig är om någon fortfarande går på den här typen av försök… Tyvärr ger ju Didier Stevens försök med Is your PC virus free? – Get it infected here! en skrämmande bild av hur en del användare föhåller sig till [...]

    Pingback by Kryptoblog » Blog Archive » Tyvärr, inga nakna kändisar nu heller — Monday 6 August 2007 @ 12:53

  132. err… bt what was ur experiment actually?

    Comment by nishugoyal — Saturday 11 August 2007 @ 11:22

  133. WOW…great article.Most of the visitors click that link due to amusement or curiosity.I would have done the same!

    Comment by Reshadat — Sunday 26 August 2007 @ 7:25

  134. vikas

    Comment by milind — Friday 21 September 2007 @ 16:54

  135. I found this url ( x15.cloudcroft-nm.gov/500/15/265.html ) that constantly wants to infect your pc by asking you to click on whatever is on the screen. If anyone knows of a way to fry or nuke them, then feel free to check it out yourself.

    Comment by andy grizzly — Wednesday 26 September 2007 @ 13:49

  136. No seriously though, I’m looking to download a virus to infect my school’s computers. Please point me in the right direction…

    Comment by Rob — Monday 19 November 2007 @ 13:34

  137. http://en.wikipedia.org/wiki/Morris_worm

    Comment by Didier Stevens — Monday 19 November 2007 @ 14:14

  138. ROFL

    Comment by haha — Saturday 15 December 2007 @ 17:03

  139. [...] Więcej na blogu Stevensa. [...]

    Pingback by Google Adwords - użytkownicy klikną praktycznie we wszystko! - SEMGuru.pl - pozycjonowanie i reklama w wyszukiwarkach — Tuesday 18 December 2007 @ 13:21

  140. Awesome goes to show IE users are retarded

    Comment by Bandit — Tuesday 18 December 2007 @ 14:43

  141. [...] hell! A Google Ad says click here to infect your PC – and people do!!! Didier Stevens ran a little experiment on how easy it is to set up a malicious site and then drive people to it via Google Adwords. The [...]

    Pingback by Drive-By-Download « I am not grumpy - just differently-cheerful — Wednesday 19 December 2007 @ 14:26

  142. [...] experiment run by blgium security expert / blogger Didier Stevens.  He designed this provocative “Drive by Download”  ad to see if first would Google accept the ad (they did).  And would people foolishly click on [...]

    Pingback by SensoryMetrics: re-inventing the User eXperience » **FREE** Google-ad-supported imaginary Malware for your PC! — Friday 21 December 2007 @ 15:13

  143. [...] And here. [...]

    Pingback by andreas04: close to attraction — Monday 24 December 2007 @ 1:22

  144. dsAFdsfytetyhdhbv

    Comment by anz — Tuesday 19 February 2008 @ 11:39

  145. Comment by Kir — Saturday 15 March 2008 @ 8:46

  146. Comment by Hero — Saturday 15 March 2008 @ 9:27

  147. Comment by Aron — Saturday 15 March 2008 @ 22:27

  148. I think people don’t read. I have a website for apartment rentals in Italy and some of these apartments have no air conditioning. I write this fact in bold on each apartment’s page. People ask me for these units in August and then complaint because they are not air conditioned; luckily I advise them before making a reservation. I talk about human stupidity on my blog:
    http://blog.computer-fella.com/2008/03/13/recruiters-go-back-to-school/

    The issue is different (in my blog I am talking about recruiters), but the stupidity is the same! It’s funny because Google wants content on websites. For what? Just spiders?

    Comment by Angelo — Monday 14 April 2008 @ 4:08

  149. I seen the ad and clicked on it on purpose. I thought it was amusing so I wanted to see what it was. I didn’t care about viruses cause my virus protection is powerful.

    Comment by Anonymous — Sunday 27 April 2008 @ 1:44

  150. haha yeahi likeit:D
    Nowmyschool computer has virus:D

    Comment by School — Tuesday 20 May 2008 @ 6:34

  151. Well, I searched for Get Virus in google cause i wanted to prove my antivirus software, also i was testing Mozilla Firefox 3 so i wanted to know the security standard.

    Comment by Xavier Merino — Tuesday 17 June 2008 @ 23:22

  152. Who would want to download a virus

    Comment by ME — Friday 4 July 2008 @ 0:17

  153. I clicked on the link purposely but the number of clicks did not increase rather it didn’t give me any message. I would like to suggest if a message is added to make users understand that they have made a mistake and for now it didn’t cause a harm but further if they are going to be so stupid then they might get infected from a third party website

    Comment by George — Saturday 26 July 2008 @ 7:10

  154. “Is your PC virus-free? Get it infected here!”…

    What would you do if you saw the following Google Adword?
    “Is your PC virus-free? Get it infected here!”This Ad was displayed 259,723 times and clicked on 409 times. That’s a
    click-through-rate of 0.16%. Would you consider this to be bad? Th…

    Trackback by Malta Info Security — Friday 1 August 2008 @ 11:03

  155. [...] an excerpt from his blog post about the test, ”Is your PC virus-free? Get it infected here!” Would you click on this Google [...]

    Pingback by Would you click a link offering to infect your computer? 409 people did. — Our Latest Discovery — Wednesday 20 August 2008 @ 22:48

  156. what motivated me to click on your adlink was that i were looking for a real virus or malware to put on my flash drive. to explain further, i resently suffered a robbery with inncluded 3 of my flash drives and some other valubles, so im looking for software that will after another robbery (god forbid) when anyone attemps to attivate the program(it will have an attrative title), will relay relivent info of pc throught internet back to me.

    Comment by rawdawg — Thursday 28 August 2008 @ 13:24

  157. Wow… I only read a little bit, but people must be extremely gullible. You guys must know something about computers, so how do you make it so that people can download stuff from your site? I’ve never figured out how… I can make good spammer programs, tho. lol

    Comment by H@k3r — Wednesday 17 September 2008 @ 3:26

  158. [...] Belgian based IT security consultant Didier Stevens posted an advertisement in Google.com to test the ‘pioneering’ company’s ability [...]

    Pingback by » Blog Archive » Tech blunder by Google? — Thursday 18 September 2008 @ 22:06

  159. haha, that’s pretty cool…
    I did a similar thing just recently on hxxp://www.downloadmalware.com
    although, I wasn’t as smart and actually included malware on the server for a couple of hours (quickly replaced the malware with links to youfail.org) but yea, it wasn’t smart.

    Comment by bested — Sunday 19 October 2008 @ 19:05

  160. I am running XP in a virtual Machine under Linux and I want you to infest it so I can Kill all the infestations just for fun because I OWN windows now.
    Hee hee hee hee hee hee hee hee hee
    windows users deserve all the infestations they get.
    I only run windows because its fun watching it boot in a VM machine……….

    Comment by Cameron — Tuesday 2 December 2008 @ 19:22

  161. The Wikipedia article on computer viruses mentions this experiment. I edited the article because it erroneously attributed this experiment to F-Secure. Could you have a look at the text and see if the attribution is correct etc. Thanks.

    PS. Your stupid blog software doesn’t think era+didierstevens=com@example.net is a valid email address.

    Comment by era — Wednesday 10 December 2008 @ 7:48

  162. Doh! Hadn’t noticed it till you mentioned. Will have to pay attention to spelling of titles.

    Comment by Didier Stevens — Thursday 12 February 2009 @ 15:39

  163. hello i am sunil gadakari (0028,sv,virus man )

    Comment by sunil gadakari — Sunday 7 June 2009 @ 13:37

  164. [...] People will click on anything → An experiment in advertising (title via ISC). [...]

    Pingback by Link Archive | K-Squared Ramblings — Tuesday 1 September 2009 @ 5:50

  165. Hi! I was surfing and found your blog post… nice! I love your blog. :) Cheers! Sandra. R.

    Comment by sandrar — Thursday 10 September 2009 @ 21:04

  166. [...] uraziť . Inšpiráciou k článku boli články tieto : Kliknite sem a stiahnite si vírus a “Is your PC virus-free? Get it infected here!” Photo by energeticspell [...]

    Pingback by Akú cenu má vaša hlúposť | JamesM blog — Tuesday 22 September 2009 @ 16:38

  167. I am amazed by how many people left comments proudly admitting that they would have clicked on the link. Curiosity does not exonerate one from foolishness. Of the 409 people who clicked on the link, those Windows users who clicked because they wanted to see what would happen or believed that they were invulnerable to viruses were bigger fools than those who didn’t read the ad thoroughly. It doesn’t matter what web browser or anti-virus program you have; the best security software doesn’t replace smart computing. If you’re not a Linux or Mac user, then PLEASE fight your peculiar temptation to click on suspicious links!

    Comment by Dreamcass — Wednesday 30 September 2009 @ 4:31

  168. Yeah, you’re right Dreamcass… because it’s a known fact that Linux and Mac are virus free…
    Is it April’s fools ?

    Comment by Olivier — Tuesday 6 October 2009 @ 16:01

  169. [...] 409 people clicked on it, when this ad was run by Didier Stevens, though his intention was just to demonstrate that the advertising system can be a good source for [...]

    Pingback by “I want a virus, please…” - Tech Superb — Friday 9 October 2009 @ 3:37

  170. lol i clikced on this on my school computer now the whole school is messed up thanks!

    Comment by Anonymous — Friday 20 November 2009 @ 21:27

  171. @Anonymous… ya… it screwed up your spell and grammar checker, sentence structure and capitalization. It must have made everyone there a complete illiterate.

    Comment by Roland — Tuesday 8 December 2009 @ 15:23

  172. Less than one percent. Wow that is a statistically significant minority. Interesting that you don’t say what this ‘experiment’ actually could have uncovered. In short; cool story bro.

    Comment by Student — Monday 21 December 2009 @ 4:20

  173. I found your site because I DO want to be infected.. trying to test AV software.

    That may also have been the motivation for other clicks.

    Comment by Mark — Thursday 31 December 2009 @ 19:28

  174. [...] users need to be extra vigilant when receiving suspicious emails with ‘Click Here:’ boldly pronounced and organizations need to realize that their systems will be poked, prodded [...]

    Pingback by Cybercrime, the Easy Way « psilva's blog — Tuesday 19 January 2010 @ 0:40

  175. [...] And that Google ad I showed above—the person who wrote that advertisement did it only to see how stupid PC users are. And 409 people clicked on it. [...]

    Pingback by So easy with online | Another weblog — Friday 12 March 2010 @ 2:54

  176. Its in the human nature to click on such a link, although it IS quite strange to click on it. But thats just the way we are.

    Comment by Gabriel — Monday 17 May 2010 @ 21:50

  177. lol, This made it into the guineas book of world records for most deliberate virus downloads.
    This is some awesome stuff here. I love the slogan.

    Comment by Ebob101 — Wednesday 20 October 2010 @ 22:30

  178. I wonder how many users are real users, and if there are many bots that click on ads?
    Did you filter your traffic for bounces on visits that were less than 1 (or maybe 2) seconds to filter for likely non-human traffic? Interested in the results

    Comment by AJ Mihalic — Monday 24 January 2011 @ 22:07

  179. @AJ Mihalic I don’t have that data. Don’t forget that this is 5 years old, maybe GoogleAds offers this data now, but it didn’t back then.

    Comment by Didier Stevens — Tuesday 25 January 2011 @ 19:41

  180. thanks man great idea

    Comment by Anonymous — Friday 29 April 2011 @ 11:55

  181. @Didier The ad seems vaguely familiar. If I remember correctly, I may have clicked it for a laugh thinking it was a joke :)

    Comment by Anonymous — Saturday 4 June 2011 @ 20:30

  182. “I am amazed by how many people left comments proudly admitting that they would have clicked on the link. Curiosity does not exonerate one from foolishness.”

    I’ve got a different theory:

    Clicking a link like that is no more foolish than clicking any other link you haven’t cross-checked, actually.

    The reason people click on it is because it looks like it’s satire / humourous. As has been stated before, you don’t usually advertise your malware as, well, malware – so I’d reckon you’re more likely to get malware from a link that pretends it has *nothing* to do with malware than one that pretends it *does*. If you’re smart enough to understand that logic, very frankly, it’s not gullible to click the link since you are actually -more- safe, statistically seen, than you would be clicking various other links. Even if that weren’t true, it would still be the -same- chance of malware infection, because words do not matter.

    That’s the complexity of human psychology for you.

    (Yes, that does mean I don’t think this experiment teaches us anything – but I still enjoy it! ^_^)

    Comment by pinkgothic — Friday 8 July 2011 @ 12:54

  183. Sorry, one more thought:

    Gullible isn’t clicking on the link, gullible is not clicking on it. Gullible is believing it will actually infect your machine and taking the words at face value. (Frankly I would go as far to consider that far more dangerous than clicking it and challenging the words presented, since I imagine the type of person not to click the link because they believe it’ll give them a virus will be the same type of person who will click another link that promises to be virus-free. But that’s getting very off-topic and hypothetical – though I hope a point can be distilled from this ramble, regardless.)

    Comment by pinkgothic — Friday 8 July 2011 @ 13:02

  184. @pinkgothic Back in the time when I did this experiment, it taught us something about Google, and that was the point.

    Comment by Didier Stevens — Friday 8 July 2011 @ 17:18

  185. @Didier: Yeah, I see what you mean – and that’s valuable! :) Honestly, I just felt some of the comments could use responding to, seeing as they took the psychological bend (and with how it was being piled on I of course promptly mistook it as its purpose – which, you know, speaking of gullible and psychology… :D). *tips hat to for excellent blog in general*

    Comment by pinkgothic — Friday 8 July 2011 @ 17:32

  186. @pinkgothic Thanks! And thank you for your valuable comments.

    Comment by Didier Stevens — Friday 8 July 2011 @ 17:38

  187. nice

    Comment by moshe — Sunday 30 December 2012 @ 23:52

  188. Haha, you’re a genius.

    Comment by blue — Monday 10 March 2014 @ 22:41

  189. lol

    Comment by t — Sunday 4 May 2014 @ 20:45


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 221 other followers

%d bloggers like this: