Searching for details regarding the latest celebrity gossip may expose you to everything the IT underground has to offer - from adware and spyware to misleading offers and fake newsletters enticing you to opt in to a spammer's campaign. McAfee-owned SiteAdvisor has recently released the 2008 list of the celebrity names that are most actively abused by malicious attackers in order to attract legitimate traffic to their malicious sites.
"01. Brad Pitt -- When "Brad Pitt screensavers" was searched, more than half of the resulting Web sites were identified as containing malicious downloads with spyware, adware and potential viruses.
02. Beyonce -- Inputting "Beyonce ringtones" into a search engine yields risky Web sites that promote misleading offers to gather consumers' personal information.
03. Justin Timberlake -- Interest in his high-profile relationships makes him an easy target for spammers and hackers. When searching for "Justin Timberlake downloads" one Web site advertised free music downloads that were flagged as directly leading to spam, spyware and adware.
04. Heidi Montag -- "The Hills" star is a popular search term when it comes to searching for wallpaper. A host of wallpaper Web sites contained hundreds of malware-laden downloads.
05. Mariah Carey -- Spammers and hackers are using Mariah Carey screen saver Web sites to link to other sites proven to contain spyware, adware and other threatening downloads."
Who else is on the list?
The rest of the list, in order of maliciousness: Jessica Alba, Lindsay Lohan, Cameron Diaz, George Clooney, Rihanna, Angelina Jolie, Fergie, David Beckham, Katie Holmes, Katherine Heigl.
With the research originally based on SiteAdvisor's rankings for related celebrity sites, it's basically scratching the surface, since these sites are only the tip of the iceberg beneath which lies an extensive network of blackhat search engine optimization campaigns and comprehensive portfolios of domains serving fake celebrity sites pushed in the form of spam. This approach is not targeting one particular celebrity more than another; it's targeting all of them. Moreover, searching means that the end user is "pulling" the malicious sites, whereas "pushing" them through spam, blackhat SEO and SQL injections in order to acquire traffic remains the tactic of choice. These traffic acquisition tactics are also abusing legitimate services like Blogspot, Google Groups or MSN Groups instead of using separate domains, and are consequently not flagged as malicious by reputation-based services like SiteAdvisor.
With multiple vendors and security researchers continuing to see evidence that legitimate sites have started serving more malicious content than purposely registered malicious domains, you may in fact be more susceptible to an attack while browsing your favorite site than while searching for a particular celebrity. And even if you don't search for the celebrities, the celebrities are always searching for you. Just check your spam/malware folder.