McAfee: beware sponsored search results

All the major search engines return "risky" Web sites in their search results for popular keywords, according to a report by antivirus vendor McAfee. In the worst cases, users who click on malicious sponsored links risk having their machines compromised by hackers.

Google, Yahoo, MSN, AOL and Ask.com were all tested by experts from McAfee SiteAdvisor, which reports on Web site security.

Ask.com was found to return the highest number of undesirable sites, at 6.1 percent of searches, while MSN was safest at 3.9 percent. Google, currently the world's largest search engine, tied with AOL with 5.3 percent of search results being "risky".

"We see many instances when search engines lead users to dangerous content," said McAfeee. "Users can't count on search engines to protect them; on the contrary, we find that search result rankings often do not reflect site safety."

Dangerous Web pages identified by McAfee included phishing sites designed to steal sensitive user information, sites that attempt to compromise a user's PC, and those that send high volumes of spam. Other sites attempted to install spyware, software that monitors users without their consent and can be used by hackers to remotely control a computer.

Sponsored links were found to be particularly dangerous, and were up to four times as likely to be dangerous.

"Users are at especially high risk when visiting search engine advertisers — even though search engines are well equipped to impose strict guidelines on sites buying prominent placement," McAfee said in its report.

In principle, the listing rules, ranking rules, and advertising policies used by search engines should shield users from bad advertising practices. However, McAfee said that profit motivations had shifted search engines' ranking methodologies.

"Prominent results often reflect solely a site's willingness to pay rather than its quality, relevance, or safety," McAfee said in the report.

Greg Day, security analyst for McAfee, told ZDNet UK that the next logical step in the future was for search engine companies to partner with security vendors to provide users with more secure search results, as a market differentiator.

"We're seeing more Internet misuse, so it's advantageous for search engines to give only safe data [to users] — that would be a huge differentiator," said Day.

As many as 72 percent of results led to dangerous sites for the riskiest keywords studied. Businesses were asked to warn employees that particularly dangerous keywords include "free screensavers", "bearshare", "Kazaa", "download music", and "free games". McAfee excluded explicit keywords from its results.

While businesses tend to be better protected than home users, McAfee said enterprises were still at risk from employees unwittingly installing malicious code, and still had to deal with the costs of spam, junk email and cleaning up pop-ups.