A new report from McAfee argues that if a computer user navigates to his/her favourite search engine and searches for "MySpace", he/she has up to a 50% chance of visiting a dangerous website. This report, titled "The Web's Most Dangerous Search Terms" (.pdf) sent a chill down my spine and made me want to write this article.

The researchers who wrote this report (Shane Keats and Eipe Koshy) should be commended for how they designed this experiment. To start, the researchers collected a list of extremely popular search terms from services like Google Zeitgeist and Yahoo Buzz. After they collected a list of keywords, they took these terms and plugged them into five major US-based search engines. Then, they looked at the first five pages of the search results and flagged the pages deemed dangerous. And finally, they ranked how dangerous a search was in two different ways. "Average risk" refers to the total number of dangerous sites divided by the total number of sites over the twenty five pages. "Maximum risk" refers to the single page with the highest percentage of dangerous sites.

Some of the "maximum risk results are downright scary. I mentioned the 'MySpace' results in the first paragraph. If you search 'lyrics', your maximum risk is also 50%. Any query with the word 'free' is especially risky - 'free music downloads' has a maximum risk of 42.9%! Or, if you search 'free work from home', you could have a 1 in 2.5 (40%) chance of being directed to a dangerous page.

Even the 'average risk' numbers are scary. McAfee previously reported that about 4% of indexed sites are dangerous. The term 'free music downloads' has an average risk of 20.7%, or over five times the normal average risk!

This study demonstrates two very troubling things. First, cybercriminals are adept at 'gaming' search engines to lure victims into their schemes. Second, the kind of search queries targeted seems to indicate that cybercriminals are focusing their efforts upon the young and the vulnerable.

It would be nice to see more research in this field. I would be especially interested in finding out how the most dangerous pages are distributed. Are the first pages of search results vulnerable, or are the most dangerous sites shut out of the top ten? And second, I would love to find out which search engines are most vulnerable to these sorts of attacks. If anyone has seen research like this, please comment!