The Web's most dangerous keywords to search for

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Which is the most dangerous keyword to search for using public search
engines these days? It’s “screensavers” with a maximum risk of 59.1
percent, according to McAfee’s recently released report “The Web’s Most
Dangerous Search Terms“.

Upon searching for 2,658 unique popular keywords and phrases across
413,368 unique URLs, McAfee’s research concludes that lyrics and
anything that includes ‘free” has the highest risk percentage of
exposing users to malware and fraudulent web sites. The research
further states that the category with the safest risk profile are
health-related search terms.

Here are more findings:

    * The categories with the worst maximum risk profile were lyrics
keywords (26.3%) and phrases that include the word “free” (21.3%). If a
consumer landed at the riskiest search page for a typical lyrics
search, one of four results would be risky
    * The categories with the worst average risk profile were also
lyrics sites (5.1%) and “free” sites (7.3%)
    * The categories with the safest risk profile were health-related
search terms and searches concerning the recent economic crisis. The
maximum risk on a single page of queries on the economy was 3.5% and
only 0.5% risky across all results. Similarly, even the worst page for
health queries had just 4.0% risky sites and just 0.4% risk overall

This isn’t the first time McAfee is attempting to assess the risk
percentage of particular search terms, as the company did similar
studies in 2006 and 2007. And whereas the research attempts to raise
awareness on malicious practices applied by cybercriminals, it also has
the potential to leave a lot of people with a false feeling of security
since it’s basically scratching the surface of a very dynamic problem.

With cybecriminals anticipating the dynamic nature of Web 2.0, they
too, adapt dynamically to the changing environment. In the context of
blackhat SEO, like true marketers they apply basic mass marketing
keyword practices, which may get wrongly interpreted as the use of
particular keywords only.

In reality, mass marketing from blackhat SEO perspective means a very
diverse set of topics usually consisting of hundreds of thousands of
syndicated news/video/blog titles aggregated over a recent period of
time, all operated by the same group. Therefore, the search term
“screensavers” or any related phrases is among the hundreds of
thousands of others part of a single malware campaign.

In October, 2008, cybercriminals taking advantage of blackhat SEO for
malicious purposes, started syndicating popular Google Trends keywords
in real-time in order to occupy the top ten search results with
hundreds of automatically registered Windows Live Spaces serving Zlob
variants as fake codecs back then. This dynamic approach not only
undermines any static lists of “most dangerous keywords to search for”,
but also, tipped more cybercriminals on the basics of event-based
blackhat SEO campaigns serving malware.

For instance, in an attempt to hijack the anticipated traffic of people
searching for the Twitter XSS worm StalkDaily/Mikeyy, blackhat SEO
campaigns using related keywords started appearing in public search
engines serving scareware. At least that’s what appeared at the first
place, since a much more in-depth research revealed that the Mikeyy
keywords are part of a diverse blackhat SEO farm. The same Ukrainian
group took advantage of the swine flu buzz and launched another
blackhat SEO campaign earlier this month, again consisting of swine flu
related keywords in between the diverse set of topics that they’ve
generated on the hundreds of domains participating.

Furthermore, taking into consideration the fact that nowadays
legitimate and compromised web sites serve more exploits and malware
than the purely malicious ones (77% of Websites that carry malicious
code are legitimate sites; Thousands of legitimate sites SQL injected
to serve IE exploit; Over 1.5 million pages affected by the recent SQL
injection attacks; Gumblar - approximately 17,000 compromised sites), a
compromised web site’s index would undermine any such static lists of
dangerous keywords to search for based on the diverse content that it’s

So, which is the most dangerous keyword to search for on the Web?
That’s a variable which cybercriminals play with at any moment.



Site Timeline