After last week’s world-wide entertainment, I’m continuing with the more serious topic of steganography and rainbow tables, but first a small remark.
Some persons have commented that I didn’t discount the click fraud factor. The reason why I didn’t is that the motivation of the persons who clicked on my ad doesn’t matter at all. If it’s a person clicking on a “malicious” ad to commit click fraud, the result is the same: the cybercriminal gets a shot at trying to infect his machine.
And if it’s a program instead of a person doing the click fraud, the result is also the same if it’s a Windows program using the MS IE ActiveX component. I’m waiting for feedback to try to quantify the amount of non-Windows automated click-fraud that could have impacted my Google Adwords campaign. I’ll post an update when I get said feedback.
Didier Stevens 
Didier,
I read this article (on slashdot :)) and I asked myself what I would do if I noticed such an ad. If I had it available, (don’t currently, but I might reload it for this – just to see what it does) I would probably load a vmware session and click the link to see what happened. I regularly use vmware to “test” things that I am leary about, especially downloads from questionable sites. It would be interesting to have the link connect to a website that’s configured to identify the platform of a browser (if you can). Unfortunately, I think that your experiment was probably a one shot deal in light of the press and Google’s response. It was a cool idea though.
Dave
Comment by David — Thursday 24 May 2007 @ 23:28
Even with VMware you have to be careful. I will post about my virus lab. Here is post on how to retrieve a malicious file from a website in a controlled way: https://didierstevens.wordpress.com/2006/12/15/my-virus-lab-part-1-downloading-a-malicious-file/
Comment by Didier Stevens — Friday 25 May 2007 @ 6:52
very good
Comment by mihir — Monday 2 March 2009 @ 11:58
nice
Comment by mihir — Monday 2 March 2009 @ 11:59