The Deadliest Day Zero Exploit


We’ve heard the mantra often enough: security is a multi-faceted affair. It is not only about the latest bleeding-edge firewalls or antivirus software; it also depends on users practicing a culture of safe computing.

Yet you know that the road ahead is a very long and arduous one when an on-line advertisement promising to infect virus-free PCs with a virus actually gets clicked on.



The ad in question was run by Didier Stevens, who identifies himself as a security professional from Brussels, Belgium.

According to eWeek, Stevens works for Contraste Europe, a branch of the IT consultancy The Contraste Group.

As he wrote in his blog entry, Stevens’ interest was piqued by a small book on Google Adwords he spotted at his local library one day. He decided to set up an experiment to see just how easy it would be for someone with malicious intent to use paid advertising to redirect traffic to questionable sites.

Apparently, his ad was displayed 259,723 times over six months and clicked on 409 times, a click-through rate of 0.16%. With the Google Adwords campaign costing $23, that works out to a cost of just $0.06 per potentially compromised machine.

Network World also has an article about hackers buying sponsored links from Google.

Do you have such “exploitable” users in your organization?

One Response to “The Deadliest Day Zero Exploit”

  1. on 11 Oct 2007 at 8:01 am doug m

    this is kind of scary. it’s amazing how simple it is in today’s world to gain access to personal information or even as this shows, transmit a virus through normal advertising. maybe google should have a better review of the ads that get placed in adwords
