Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
People click on the darndest things
In an experiment, more than 400 click on a Google ad that promises to infect their PC
May 18, 2007 12:00 PM ETComputerworld - Proof that users will click on virtually anything -- behavior that hackers depend on -- has been laid out by a researcher, whose Google ad touted instant infection. More than 400 clicked through.
In a six-month experiment by security researcher Didier Stevens, some users weren't warned off by a Google sponsored link that read:
Drive-By Download
Is your PC virus-free?
Get it infected here!
Of the 259,723 times the ad was viewed, it was clicked on 409 times, said Stevens.
To run the experiment, Stevens registered the "drive-by-download.info" domain -- ".info domains are notorious for malware hosting," he said -- set up an exploit-free Web page that displayed "Thank you for your visit!" and logged the number of views, and began a Google Adwords campaign using several combinations of the words "drive by download."
"No PCs were harmed in this experiment," Stevens swore. The experiment cost him just $23, or about 6 cents a click.
And he did everything but click the mouse for the careless. "I designed my ad to make it suspect, but even then it was accepted by Google without problem, and I got no complaints. And many users clicked on it," said Stevens. "Now, you may think that they were all stupid Windows users, but there is no way to know what motivated them to click on my ad."
Most exploits gamble on just this kind of laxness, and use bait such as a dubious attachment with an eye-catching title or a link to a supposedly sweet Web site. Late last month, in fact, security vendor Exploit Prevention Labs uncovered an ambitious scam where hackers bought Google keywords, then rerouted users to malicious sites.
But maybe that was overkill, said Lenny Zeltser, an analyst at the SANS Institute's Internet Storm Center. "Perhaps there is no need for attackers to create advanced redirection chains or elaborate deception schemes," said Zeltser. "As Stevens' experiment confirmed, people will click on anything."
Stevens has also posted a video of his experiment on YouTube.
Read more about security in Computerworld's Security Knowledge Center.
click
Additional Resources
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Computerworld Reports
Sign up to receive updates on the latest Security resources
