Watch out! When you are carrying out those innocent searches on the internet for Indian keywords like Waptrick (Mobile Java Games site), Katrina Kaif, Orkut, Yahoomail, Shahid Kapoor, rediffmail, how to earn, Shimla, or Beijing 2008 Olympic Games, you are being stalked.
The set of ‘risky keywords’ varies with the country but, the mind of the hackers works in sync globally. Cyber criminals have been quick to realize that the same search engines that enable legitimate businesses to reach more consumers can also be used by criminals to separate more victims from more of their money.
A McAfee paper on ‘The Web’s Most Dangerous Search Terms’, has tracked the use of search engines as a conduit for profit-driven hackers-by analyzing the risk of searching for more than 2,000 of the most popular words and phrases used in search engines in 2008.
This should not be surprising to observers of security trends. Since hacking for fame has given way to hacking for profit, malicious players have grown increasingly sophisticated in their ability to find large pools of potential victims.
By measuring the relative risk of popular search terms, this study confirms that scammers continue to target the largest pools of victims. McAfee searched for more than 2,600 popular keywords. Overall, McAfee examined more than 413,000 unique URLs (web addresses).
14 countries had keyword lists that exposed users to a higher maximum risk than average, including the Czech Republic (14.2%) and Brazil (12.1%). And 12 countries were overall riskier than the average, including Mexico (1.9%) and India (1.8%). These findings may prove to be anomalies, but if subsequent studies confirm them, this could be early evidence of a troubling new trend of scammers targeting non-U.S. victims.
To better capture this variety, McAfee used keyword variations from data company Hitwise1 to get a more detailed picture of the nature of risk for certain keywords. If we look more closely at one phrase and its variations, we can begin to understand more about search risk. These deep dives looked at the 25 most popular search word variations for 12 popular keywords in the United States.
These include Screensavers, Free Games, Work From Home, Rihanna, Webkinz, Powerball, iPhone, Jonas Brothers, Twilight, Barack Obama, Taxes, and Viagra
Why are certain keywords or search terms riskier than others? While it’s not always possible to understand the minds and motivations of today’s sophisticated hackers, McAfee can provide some insight based on known techniques employed by cybercriminals. Hackers are most successful when they can attract a large number of victims. One way to target big crowds online is to track current events-everything from celebrity meltdowns and natural disasters to holidays and popular music.
Why are certain keywords or search terms riskier than others? While it’s not always possible to understand the minds and motivations of today’s sophisticated hackers, McAfee can provide some insight based on known techniques employed by cybercriminals.
Hackers are most successful when they can attract a large number of victims. One way to target big crowds online is to track current events-everything from celebrity meltdowns and natural disasters to holidays and popular music
One key tool cybercriminals use to snare victims is to get them to download a computer file or program that comes with a malicious payload. With these two concepts in play, let’s take a look at one of our riskiest search terms: free music downloads. On average, 20.7% of results were risky (compared to just 1.7% of all search terms) and on one results page out of the 25 search engine pages we rated, we found a whopping 42.9% of results risky.
As consumers continue to convert their music libraries to digital formats like MP3 files, they also struggle with the cost of buying music they may already own in cassette, LP record, or other formats.
Caught between those two needs, many consumers have heard that the web can be a source for free music. If the consumer is already looking for music, then they already have the mindset of being willing to download something-and that makes the malware author’s work easier
A website’s subject matter or type of content can also affect its riskiness. Two such examples are lesser known pornographic and gambling sites that can be used to host malicious software such as exploits, dialers, Trojans, and other malware. This type of content can lead consumers down the dark alleys of the Internet, and consumers expose themselves to more risk when they attempt to search for these terms.
When determining “market size” for their scams, cybercriminals may look at the total number of website links a search term yields. Googlebattle.com is a good tool for illustrating this. McAfee found “Brad Pitt” more dangerous to search for than “Hugh Jackman” (14.3% maximum risk to 9.1%). Similarly, Googlebattle produces 26.4 million hits for Brad Pitt and just 5.5 million for Hugh Jackman.
Similarly, spikes in news coverage can also drive even consistently popular keywords out of the “most risky zone.” For example, three popular female celebrities are Angelina Jolie (8.3% maximum risk) Oprah Winfrey (10%) and Beyonce Knowles (10%).
But searches for Zuma Rossdale, the daughter of Gavin Rossdale and Gwen Stefani, can be as risky as 25%, suggesting that malicious or unscrupulous players do pay significant attention to news events.
McAfee is not the only company or institution to find scammers using popular culture and trends to reach larger pools of potential victims. This past May, for example, security company Sophos found Trojans in celebrity-related email attachments.
In 2006, a study by University of Washington researchers found game and celebrity sites that “ …appeared to pose the greatest risk for piggybacked spyware, while sites that offer pirated software topped the list for drive-by attacks.” That same year, Microsoft filed suit against a company it alleged was using celebrity screensavers to distribute spyware.
More recently, Trend Micro reported finding scams targeting job-seekers. Given the difficult global economy, we are not surprised that scammers would zero in on this growing pool of victims. Likewise, Gary Warner, a computer forensics researcher, found scammers using the U.S. economic stimulus to target victims.
Symantec also found stimulus come-ons in email that, if answered, could lead to loss of personally identifiable information and identity theft. And in February, Digg, the very popular news site, was reportedly the victim of hundreds of thousands of fake comments that drove visitors to websites hosting malware.
An independent security researcher named Shanmuga analyzed a file that promised new video of Paris Hilton but was but was in fact a lure to inject viewers.
To read more check this out Click