Most malware is installed now when you visit a rigged web site that takes advantage of a weakness in your system. Perhaps it is able to install a virus or root kit because your computer does not have the latest updates for Windows or Flash. Far more often, the weakness is a lapse in your common sense, when you are fooled into clicking unwisely on an OK button.
You may think that it’s unlikely that you will be led to a poisoned web site. In fact many of you engage in risky behavior all the time without knowing it, by doing web searches and clicking on the results.
When you do a search on Google or Bing or one of the other search engines, the list of results may include some poisoned web sites. The risk of visiting a dangerous site skyrockets if your search includes some of the most popular search terms.
McAfee examined 2,600 popular keywords on five major search engines — Google, Yahoo, Live, AOL and Ask — and analyzed 413,000 Web pages.
This paper examines a new phenomenon—the use of search engines as a conduit for profit-driven hackers—by analyzing the risk of searching for more than 2,000 of the most popular words and phrases (“keywords”) used in search engines in 2008. From “Jonas Brothers tickets” to “game cheats” to “Viva la Vida lyrics,” these keywords represent a broad slice of what search expert John Battelle calls our “database of intentions.”
Along with our “intentions,” this database also reveals how much risk we expose ourselves to each and every time we put our favorite search engines to use. How much risk? For some keywords like “popular screensavers” and “descargar google” and certain of their resulting pages, the risk can be pervasive—75% or more results (three out of four) can lead to increased web security risk.
The most dangerous search term is “lyrics”. The next most dangerous terms were “free” and “screensavers.” In some cases, there were pages of search results where almost 50% of the sites were dangerous in some way.
As you might expect, the scammers also follow popular trends, so the chance of being led to a rogue web site increases if you search for whatever celebrity is in the news.
Interestingly, searches related to health care were among the least likely to lead to risky sites.
The McAfee study can be read here. The numbers are sliced and diced in different ways – it’s interesting reading.
Follow the rules for safe computing and be careful out there!