Don't get it...
What compels people to scan the dodgy QR code?
Security researchers have spotted spam emails that point at URLs featuring embedded Quick Response codes (QR codes). QR codes are a two-dimensional matrix barcode that can be scanned by a camera phone to link users directly to a website that can host any type of content, malicious or otherwise. By using QR codes (rather than …
If you're using a BIND resolver, you can use Response Policy Zones (RPZs) so that malicious domains are not resolved. Ultimately, it doesn't matter where the URL comes from - a link in a spam email, from a "friend" or a QR code, by catching at the DNS level, the problem is somewhat mitigated.
More at:
http://www.isc.org/community/blog/201007/taking-back-dns-0
Of course there will be those who complain about loss of freedom - but as a last resort, they can use their own recursive resolvers if they so wish. For the 99.8% of average users, this seems to be a viable mitigation strategy.
That's not how it works (typically). You just scan the code with your phone and it takes you there straight away. I don't think most people have made the connection that this is the same as clicking on a mysterious link. To be fair, most devices probably allow you to disable that behavior, but it would have to occur to someone why the default is unsafe before they would do that.
why would you even scan a spam email with your phone? You'd have to either print it out, or click a picture of a monitor with the barcode displayed on it. You'd think that anyone that would follow links in junk mail wouldn't have enough together to start up a scanner app. There must be something missing here.
I really like QR codes because they're easy to make and you can embed a lot of data in them (my employer has a QR code vcard feature embedded into the corporate phone book, so you can can add names to your phone book by scanning the screen once you've looked up a name). But it's not something you're going to kick off by mistake.
Weird... I don't use QR codes very often, but whenever I scan one with my phone, it superimposes the actual URL over the image from the camera, and I have to actually click on "accept" to go to the site.
That way I can read the link before clicking on it... I thought this would be the standard behavior, but I'm probably wrong
When I first saw your headline, I read, "a solution in how to eradicate users..." Perhaps something some of the other posters here are looking for, too.
I've found the QR codes somewhat strange, if for nothing else than for your actively asking for more advertisements. I could see, maybe, having it automatically send you back (or having -you- send you back, really) a link to whatever the thing is, so you remember it. That makes a bit more sense. But going straight to a web site that serves another ad? It just seems bizarre. Please, sir, can I have some more? Or, for fans of Max Mosley - "I think you need some more of the punishment!"
I think most people who use QR codes realise what they are for. No one in their right mind is going to click a link in a spam msg, and then scan a QR code out of curiosity. There again, there are a lot of people not in their right mind...
It's a shame the spammers are abusing QR codes but as with everything those days, you have to consider whether you trust the source, and if that email message, tweet, blog or Facebook post was actually created by the assumed author.
Disclaimer: We operate a free online QR code generator and tracking service at http://snap.vu. Like any similar service this could be abused by spammers to generate QR codes but a quick glance through the table listing many 1000s of redirect URLs assures me that it is being used for education purposes and legitimate marketing activities. So QR codes are just another tool that can be abused - is there any news in that?