Feeds

Feeling left out? Get your PC infected today!

Spoof malware campaign racks in the hits

Protecting users from Firesheep and other Sidejacking attacks with SSL

A spoof ad campaign offering surfers the chance to infect their PCs with malware has drawn plenty of interest.

In an experiment, a security researcher bought a Google ad campaign to promote a site ostensibly offering to infest visitors' Windows PCs with computer viruses. The "click here to be infected" campaign was displayed 259,723 times and clicked on 409 times, at a click-through rate of 0.16 per cent or around one in 500. The cost of the six-month campaign was $23, or around 5c per chance to infect a PC.

That's the kind of figure that might be recouped by selling access to compromised zombie machines, providing hackers had enough funds up front, although there are undoubtedly cheaper ways to achieve the same objective. "I'm sure I could get much more traffic with a higher Google Adwords budget and a better designed ad," Didier Stevens writes.

The ad was pretty unambiguous in its intent:

Drive-By Download Is your PC virus-free? Get it infected here!

Users clicking on the ad were directed to the domain drive-by-download.info domain. Domain featuring .info are notorious for hosting malware. In this case, no malware or scripts were ever hosted on the site, but those visiting the site weren't to know it was just an experiment.

It'd be nice to think that those that clicked on the ads were cyber-savvy types with fully patched systems who were simply curious about the bizarre offer. But we doubt it.

As the SANS' Institute's Internet Storm Centre notes, the experiment provides evidence that some people will "click on anything".

Tricking users into visiting sites contaminated with malicious scripts has begun to outpace malware-infected email as the main means to deliver malware over recent months. Didier Stevens' experiment provides evidence that such malware trickery might be effective even without convoluted redirection chains or elaborate deception schemes, further illustrating how dangerous it is to visit "dodgy" websites. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.