June 2, 2009— -- Are your Web searches putting your computer at risk?
In a recent report, security firm McAfee, Inc. revealed how cybercriminals use popular search terms to unleash malicious software that can infect a computer and, in some cases, steal a user's identity.
McAfee researchers analyzed more than 2,600 of the most popular search terms of 2008 from a range of sources, including the Google Zeitgeist and the Yahoo! 2008 Year in Review.
According to the report, "The Web's Most Dangerous Search Terms," the 10 riskiest searches in the United States are:
1. Word Unscrambler
4. Free Music Downloads
5. Phelps, Weber-Gale, Jones and Lezak Wins 4x 100m Relay
6. Free Music
7. Game Cheats
8. Printable Fill in Puzzles
9. Free Ringtones
"Search engines are our on-ramp, our highway and our off-ramp -- they're everything for Web travel," said Shane Keats, the research analyst with McAfee who led the study. "The hacking community is very smart -- they can spot a trend as well as any trendspotter."
Just as pickpockets know they'll have the best odds of snatching a wallet on a busy city sidewalk, Internet thieves know they'll have the most luck by targeting crowds.
"If you're hacking for profit, the best way to make money is with the largest pool of potential victims," he said. "The biggest crowd is going to be around these trends."
After analyzing the search terms, Keats and his team found that not only are hackers looking for crowds, they are also attacking Internet surfers who are ready to take an online action, like downloading a ringtone or logging in to a site with a name, address and social security number.
For example, people searching for free music downloads are easy targets for hackers because they are expecting to download an mp3.
"They're primed and ready to take an action," Keats said.
Cyber Criminals Increasingly Use Search Engines to Spread Malware
To evaluate the risk associated with each keyword, the McAfee team looked at the search results generated by each keyword. Then they calculated the percentage of links that would take users to Web sites with unwanted adware, spyware or other malicious software.
The term "lyric," for example, had an average risk of 14.8 percent, meaning that nearly 15 out of 100 search results would take users to risky sites.
Among the most dangerous categories of search terms: online games, free downloads, song lyrics, and screensavers. "Work from home" searches were also among the most likely to attract scammers, Keats said.
Search terms involving online games were among the riskiest because online games often prompt users to install plug-ins or register with a name or e-mail address.
Keywords that include lyrics were risky because Web sites featuring the words to songs sometimes host links that take users to sites with unwanted pop-up ads or spyware.
Keats, however, recognized that the study is not without limitations. For example, the fifth most dangerous search, "Phelps, Weber-Gale, Jones and Lezak Wins 4x 100m Relay" was specific to the 2008 Beijing Olympics and will likely not be replicated in future years.
Still, computer security experts say the study highlights an emerging trend in cyber crime.
Gary Warner, a computer forensics expert at the University of Alabama at Birmingham, said online scammers used to distribute malicious software through spam, or unwanted e-mail. But now, he said, cyber criminals are changing their tactics and targeting victims through search engines.
"It's growing. It's been going on for more than two years," he said. But "in the past three months, it's become the predominant way of spreading malware.
"We're seeing major malware programs stop sending spam and doing it all this way," he added.
To protect themselves, Internet surfers should adjust their Internet browser settings so that the browser doesn't run any program unless users actively give it the green light, Warner said.
McAfee's Keats cautioned users to stay in the "well-lighted" parts of the Internet, for example, downloading a Beyonce screensaver from her fan page instead of an obscure Web site.
He also warned Internet surfers that if it sounds too good to be true, it probably is. If a link promises free downloads of the all the latest hit songs, chances are it's leading you to a risky Web site, he said.
"The Web is a great resource and we should absolutely be using it, but you've got to use the safe rules of the road," Keats said. "What's true in the offline world is true online, too."
For the complete list of the 50 most dangerous search terms, click on to the next page.
The 50 Most Dangerous Web-Search Terms in the United States
1. word unscrambler
4. free music downloads
5. phelps, weber-gale, jones and lezak win 4x100m relay
6. free music
7. game cheats
8. printable fill in puzzles
9. free ring tones
12. make money
13. viva la vida (coldplay) lyrics
14. touch my body lyrics
15. love song lyrics
16. lollipop lyrics
17. my life (lil wayne) lyrics
20. the price is right
21. kimbo slice
26. music downloads
29. paper planes (m.i.a.) lyrics
30. no air lyrics
31. with you (chris brown) lyrics
34. free e-cards
35. text twist
36. bleeding love lyrics
37. no air by jordin sparks feat. chris brown
39. mixed wrestling
40. zuma rossdale
41. paris hilton
42. pamela anderson
43. free compatibility reports
44. free people search
45. song lyrics
49. casey and caylee anthony