Security professional Didier Stevens figured it would be a hoot running an experiment to see how many people would willingly click on a URL promising to infect their PC. So he ran this ad on Google:
Unbelievably, 409 people clicked on the ad.
Stevens said in his blog that he ran his Google Adwords campaign for six months. “Last fall, my attention got caught by a small book on Google Adwords at our local library,” he wrote. “Turns out it’s very easy to set up an ad and manage the budget. You can start with a couple of euros per month. And that gave me an idea: this can be used with malicious intent. It’s a way to get a drive-by download site on the first page of a search result. So I started an experiment…”
He said he designed the ad to make it suspect, but even then it was accepted by Google without a problem and he has gotten no complaints to date.
“Now you may think that they were all stupid Windows users, but there is no way to know what motivated them to click on my ad. I did not submit them to an IQ-test,” he wrote.
