A spoof ad campaign offering surfers the chance to infect their PCs with malware has drawn plenty of interest. In an experiment, a security researcher bought a Google ad campaign to promote a site ostensibly offering to infest visitors' Windows PCs with computer viruses. The "click here to be infected" campaign was displayed …
Clear as mud?
"The ad was pretty unambiguous in its intent:
Drive-By Download Is your PC virus-free? Get it infected here!"
I suspect it wasn't as clear as the author thought, and the people who clicked thought they were going to "get in inSPected here".
Not that I'd recommend clicking on such a link either, because that is precisely what most inFectors would post.
Can think of worse ways to test your anti-virus
After all, if you don't get a report of a quarantined file or a virus attack on your machine, how do you know your protection is working?
...there are always the "accidental" clicks too, I'm afraid. I've accidentally clicked on things myself, which is pretty annoying. But pages (specially in news sites) are so full of stuff and those "auto pop up balloons" in some links (should be punished with death) nowadays that it's not hard to do it at least once or twice in a year. Or my cat could be playing with the mouse...
When faced with a link like that of any kind, when I'm using Linux, I have absolutely no qualms in clicking any link promising to infect my computer. I would definitely click that link if faced with it - just out of curiosity.
Feeling Superior? Update Your Mac OS X Today and F*#k is up
Anytime you MacDroids are falsely feeling superior, just open up that "Software Update" window that's directly connected to Apple's horror chamber of Flaky and Buggy OS X and Apple App Updates.
WHEN will these be part of those cleaver BS Apple TV Ads??
Friday, April 27 2007 @ 03:00 AM PDT
Special Report: Troubleshooting Security Update 2007-004
Covering these topics:
* Release notes, update recommendations
* Common fixes
* Files modified by this update
* Active Directory login issues
* AirPort connectivity issues, fixes
* Cannot connect to local servers (Error -35)
* Files in Finder cannot be renamed
* Flash playback not working
* FTP security issue for Mac OS X server (users logged in at root directory)
* Login problems: users cannot login after update
Or how 'bout those "Quirky" Macs?
Wednesday, May 16 2007 @ 08:30 AM PDT
Apple: New (Mid 2007) MacBooks may exhibit external display quirks
Apple has posted a new Knowledge Base article ( #305507 ) detailing a potential external display quirk with the newly introduced Mid 2007 MacBooks .
If the systems are connected to an external display in extended mode (rather than mirrored), the menubar location is on the external display, and the systems are woken from sleep by opening the clamshell, video may not be displayed on the built-in display.
ALL compliments (daily) from Mac "FanBoy" site macfixit.com
Wow, look at the above
Interesting. An article that doesn't even mention Apple at all, and an Apple hater has to come in here, and dump a load of garbage in the comments about how bad they are. And you're trying to prove the point that WE are all fanboys?
The other strange thing is that apparently since Apple just released an update fixing a large number of bugs, that means that their system is very buggy? Software update hell? Those bugs are fixed when you apply that update, not created...
Can't think of any worse way to test your anti-virus
There's testing, and then there's testing to destruction, and then there's just plain daft, which is what surfing live to an unknown infection would be.
If you want to "test" your AV, download the damn website with wget or some similar utility, your AV will still alert if it spots anything but you won't be doing anything so reckless as running live malware in a fully-fledged browser environment.
The correct method for testing your Anti-Virus software...
...is to use the EICAR test file. This is a harmless test file that most AV programs will detect as a virus. See http://www.eicar.org/anti_virus_test_file.htm
Going to a site you suspect will try and infect your PC is just asking for trouble.
Eicar test whether your antivirus is turned on and slightly more able to stop PC infections than wearing a copper bracelet.
It only tests that your AV is alive and can recognise a file which it is specifically designed to recognise.
Heuristic detection is a completely different ball game, you can't just stop malware by attempting to 'enumrate badness', you need to able to correctly identify variants and completely new threats.
This campaign proves that people are willing to click on anything, and that this sort of ad is very cheap to run and get plenty of hits. 400+ potential zombies for $23? A bargain.
Did Google know...
if it was a test or real, or were they completely unaware of this ad altogether?
How long will it be before Mr. Stevens is charged with attempting to infect machines by some overzealous prosecutor who knows dick about PC security?
"That's the kind of figure that might be recouped by selling access to compromised zombie machines, providing hackers had enough funds up front,..."
Not anymore, you just gave them your (cheaper and easier) source...
End User Curiosity Can Cause Risk to the Organisation
Most end users do not think about the consequences of clicking on an unknown link or by downloading an application or by using a USB stick that they found in a parking lot. It's sort of like a traffic accident - you don't really want to see the wreckage and the hurt people, but you look anyway - your curiosity gets the best of you.
It's the same thing with the internet, email and a found USB stick - curiosity can sometimes get the best of you.
Organisations must understand that end users are not typically disciplined enough from a security best practices point of view and must enforce usage policies that can drastically reduce the risk of potential unknown threats. More on this topic at http://endpointsecurityblog.blogspot.com/.