Upon searching for 2,658 unique popular keywords and phrases across 413,368 unique URLs, McAfee's research concludes that lyrics and anything that includes 'free" has the highest risk percentage of exposing users to malware and fraudulent web sites. The research further states that the category with the safest risk profile are health-related search terms.
Here are more findings:
- The categories with the worst maximum risk profile were lyrics keywords (26.3%) and phrases that include the word “free” (21.3%). If a consumer landed at the riskiest search page for a typical lyrics search, one of four results would be risky
- The categories with the worst average risk profile were also lyrics sites (5.1%) and “free” sites (7.3%)
- The categories with the safest risk profile were health-related search terms and searches concerning the recent economic crisis. The maximum risk on a single page of queries on the economy was 3.5% and only 0.5% risky across all results. Similarly, even the worst page for health queries had just 4.0% risky sites and just 0.4% risk overall
With cybecriminals anticipating the dynamic nature of Web 2.0, they too, adapt dynamically to the changing environment. In the context of blackhat SEO, like true marketers they apply basic mass marketing keyword practices, which may get wrongly interpreted as the use of particular keywords only.
In reality, mass marketing from blackhat SEO perspective means a very diverse set of topics usually consisting of hundreds of thousands of syndicated news/video/blog titles aggregated over a recent period of time, all operated by the same group. Therefore, the search term "screensavers" or any related phrases is among the hundreds of thousands of others part of a single malware campaign.
For instance, in an attempt to hijack the anticipated traffic of people searching for the Twitter XSS worm StalkDaily/Mikeyy, blackhat SEO campaigns using related keywords started appearing in public search engines serving scareware. At least that's what appeared at the first place, since a much more in-depth research revealed that the Mikeyy keywords are part of a diverse blackhat SEO farm. The same Ukrainian group took advantage of the swine flu buzz and launched another blackhat SEO campaign earlier this month, again consisting of swine flu related keywords in between the diverse set of topics that they've generated on the hundreds of domains participating.
Furthermore, taking into consideration the fact that nowadays legitimate and compromised web sites serve more exploits and malware than the purely malicious ones (77% of Websites that carry malicious code are legitimate sites; Thousands of legitimate sites SQL injected to serve IE exploit; Over 1.5 million pages affected by the recent SQL injection attacks; Gumblar - approximately 17,000 compromised sites), a compromised web site's index would undermine any such static lists of dangerous keywords to search for based on the diverse content that it's providing.
So, which is the most dangerous keyword to search for on the Web? That's a variable which cybercriminals play with at any moment.
Join Discussion