Users Become Scapegoats To Web Ad Malware Exploit
Didier Stevens, an IT security expert from Belgium, has performed an amazing social test after buying the Internet domain name drive-by-download.info. He designed an ad on Google AdWords letting people corrupt their computers with malicious code just by opening a link, as reported by Secure Computing on May 21, 2007.
"The installed webserver exhibited a page announcing: " Thanks for your visit!" and registered every message. It's obvious that no malware or other programs were ever hosted on this computer. This test did not damage any PC," posted Stevens on his blog, as reported by ITpro.co on May 18, 2007.
Stevens counted all users who entered the site after opening the AdWords link and found that the advertisement was shown 259,723 times and accessed 409 times. Stevens said that he was airing his results following numerous media reports alleging that the method was being utilized by cyber-terrorists to transfer malware to clients.
"That constituted CTR (click-through-rate) of 0.16 per cent. The Google Adwords ad blitz cost just $23, a $0.06 for each click or possibly exposed computer. Nearly 98 per cent of the computers were Windows operated," he stated, reports the May 18, 2007 edition of ITpro.co.
"The advertisements were devised to look dubious, but nevertheless it was easily received by Google and there's been no problems so far, and several people have accessed it. They may be regarded as dull Windows clients, but it's quite impossible to understand what prompted them to access the particular ad, " Stevens communicated on his blog, according to reports by Secure Computing on May 21, 2007.
As per Gemini Systems' security consultant, Lenny Zeltser: "Maybe hackers don't require to build sophisticated redirection link or complex scam plans. Stevens's test established that users will click on everything," as per the May 21, 2007 copy of ITnews.
"His trial is still operational. Obviously, currently the character of the trial has altered after being divulged, but it could still become fascinating, averred Stevens, as per reports by May 18, 2007 edition of ITpro.co.
Related article: Users Making Opening Online Accounts To Identify Thefts
» SPAMfighter News - 29-05-2007