Last year it was Brad Pitt, but according to this year's McAfee report "Riskiest Celebrities to Search on the Web", it's Jessica Biel related searches that have "one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware".
Just like previous editions of the report, the latest one has also excluded the dominant adult content theme, as well as the fact that static lists of dangerous keywords to search for are long gone from the arsenal of the experienced blackhat SEO campaigner. In 2009, cybercriminals enjoy the benefits of the real-time Web at its best, by dynamically serving malware based on trending topics, or occupying as many keywords as possible through blackhat SEO (search engine optimization) tactics.
A good example of the current situation is an ongoing malicious campaign abusing Digg's high page rank, which is redirecting to scareware-serving sites by hijacking keywords related to any of the top 15 celebrities listed in McAfee's report.
- Go through related posts: The Web's most dangerous keywords to search for; Cybercriminals hijack Twitter trending topics to serve malware; Cybercriminals syndicating Google Trends keywords to serve malware; Federal forms themed blackhat SEO campaign serving scareware; Dissecting the Ongoing U.S Federal Forms Themed Blackhat SEO Campaign; Google Video search results poisoned to serve malware; Massive comment spam attack on Digg.com leads to malware
Taking into consideration Digg's high page rank and the near real-time crawling of Digg submitted content, cybercriminals are systematically abusing major Web 2.0 services in order increase the visibility of their malicious content. Moreover, not only are they diversifying the themes, but also, by abusing multiple Web 2.0 services there are instances where the first 10 search results for a particular keyword are all populated by malicious sites part of a single campaign.
The bottom line is that any celebrity related search can lead to a malicious site depending on the momentum of a particular campaign, or the type of theme the cybercriminal chose to use. Therefore, relying on static lists for potentially dangerous keywords is unrealistic in a cybercrime ecosystem that's taking advantage of the traffic peak momentum in real-time.