McAfee claims that searching for Brad Pitt can get you infected, while Sophos researcher strongly disagrees

Sep 17, 2008 12:10 GMT

As part of its second annual report, security company McAfee compiled a list of the most dangerous celebrity names to search for. Brad Pitt tops this list, and searching for his name is supposed to carry a 1 in 5 chance of ending up on a malicious website. Paul Ducklin, head of technology for security firm Sophos in the Asia Pacific area, calls the media fuss raised by McAfee's research security hyperbole and compares it to the Michelangelo virus in 1992 or the Millennium “Bug” in 1999.

McAfee's dangerous celebrity list attracted a lot of media attention, and not only online, where the news that searching for the likes of Brad Pitt, Beyoncé or Justin Timberlake can get your systems compromised is still actively discussed on blogs. McAfee's report suggests that a significant share (18%) of “Brad Pitt” search results lead to wallpapers, screensavers and images that are directly related to malware. In fact, according to the report, if you were to search specifically for a Pitt screensaver and type “Brad Pitt screensaver” into a search engine, 50% of the results would lead to malware.

Things don't look too good for the fans of Beyoncé, 2nd place in the list, or Justin Timberlake, 3rd place, either. Searching for Beyoncé ringtones can lead to scam websites that attempt to gather personal information for illicit purposes, while “Justin Timberlake downloads” search results can take users to “free” spam, adware and spyware instead of free music. According to McAfee's list, the other “dangerous” celebrities are, in order starting with 4th place, Heidi Montag, Mariah Carey, Jessica Alba, Lindsay Lohan, Cameron Diaz, Angelina Jolie, Fergie, David Beckham, Katie Holmes and Katherine Heigl.

Jeff Green, senior vice president of McAfee's Product Development & Avert Labs, pointed out that "cybercriminals employ numerous methods, yet one of the simplest but most effective ways is to trick consumers into infecting themselves by capitalizing on Americans' interest in celebrity gossip". Sophos' Paul Ducklin begs to differ, claiming that this whole thing simply isn’t true. “If you go online and search for 'Pitt', you do NOT have a one-in-five chance of getting infected, and suggesting that you do is just spreading FUD (fear, uncertainty and doubt),” he adds.

In a blog post, Mr. Ducklin points out that there are a few major problems with this McAfee story. First, he explains, people who have searched for Pitt without getting infected, and who now read about the supposed risk they were exposed to, will believe that if they dodged such dangerous search results they don't have to worry about search results for other terms that are not tagged as being particularly dangerous. The second problem is related to the first: the statistics themselves tend to suggest that by not searching for celebrity names, one could improve one's online security. He shows why this isn't true by citing the 16,000 new infected pages that Sophos researchers discover every single day. These pages are not focused on any particular subject, such as celebrities.

The last, but not least, problem with this story, according to Ducklin, is that “it doesn’t bother to explain how you can search safely,” which is an issue for people who actually do want to search for “Brad Pitt”. He gives several detailed recommendations in this regard: using a spam filter, a web filter and an up-to-date anti-virus program; applying all the security patches for the software installed on the computer and for the operating system itself; using network access control software; and using your own common sense by not clicking on anything that isn't important to you, isn't believable or is simply too good to be true. In the end, he also suggests not falling for security hyperbole such as this whole affair of celebrity-based search terms.