Discuss as:

Search engines outrank porn as fertile ground for malware

Blue Coat Systems

An illustration of Shnakule, the largest malware delivery network.

Avoiding porn sites won't keep you safe from malware, as infections are most likely to begin with image search results, according to one Web security company.

In a report released earlier this month, Blue Coat Systems dove into the labyrinth world of its bread and butter — cybercrime — and found a plethora of vulnerable areas that many stumble into on a daily basis, unaware of the sneaky tendrils that do everything from stealing identities to using hijackingemails to send out spam and scams.

One of the most surprising findings was how porn really doesn't hold as prominent a place in the malware world as it used to, like back in the days when pornadoes (porn pop-up windows) could send you into a cold-sweat tailspin, especially if you were at work and too embarrassed to tell the IT guy you just "stumbled" upon all kinds of XXX, y and z.

Blue Coat researcher Chris Larsen's infographic (below) highlights some of the report's findings. These jumped out at us:

  • Almost 40 percent of malware hijackings start at search engines, especially within image results strewn with malware mines, what Blue Coat calls "Search Engine Poisoning." 
  • Email and pornography are a distant third and fourth. (Though the report noted "spikes of up to 110,000 new pornography sites in a single day." And this also serves as a precaution against getting too comfy with all those titillating images: "Pornography remains as the last 'old school' lure. New adult web sites aregenerated daily, which makes real-time web content analysis and threat detection a requirement.")
  • The largest malware network that routes users to often malicious destinations is called Shnakule (don't even ask us how to pronounce that), with "2,000 unique host names per day with a peak of more than 4,300 per day" during the first half of 2011. Blue Coat warns, "It also proved the most adept at luring users in, with an average of more than 21,000 requests and as many as 51,000 requests in a single day. Shnakule is a broad-based malware delivery network whose malicious activities include drive-by downloads, fake anti-virus and codecs, fake flash and Firefox updates, fake warez, and botnet/command and controls. Interrelated activities include pornography, gambling, pharmaceuticals, link farming, and work-at-home scams."
  • "Image searches are the most dangerous activity users can engage in on the web."

This fact is also an alarming part of the report: "...Malware delivery networks are now hiding inlegitimate sites that are typically allowed by acceptable use policies."

And finally, if you're searching online for pirated material, do so at your own risk. This activity "ranks at the top of the list for possible malware delivery. Stolen user identities put phishing near the top of the list, plus spam for rich media, fakecodec updates, and fake-warez."

Blue Coat Systems

Infographic based on Mid-Year Security Report

While Google does now issue some warnings about malware, it only checks for one particular type, so vigilance is a must. 

Larsen passed on these tips to us:

  • SEP attacks tend to lead to Fake AV (Anti-Virus) scanners, so if your browser window ever tells you that you're infected, it's a fake.
  • Similarly, if your browser is telling you that you need to update Flash or need a new video codec, it's probably fake.
  • As your computer is booting into Windows, before you've loaded the browser, windows popping up telling you that you need to update something are very likely to be legit.
  • Stay patched on the "big 5" infection vectors: OS, Browser, Flash, PDF, Java (most exploit kits are not using unpatched zero-day vulnerabilities to attack; they rely on the principle that some percent of their visitors will not be fully patched).
  • Don't search for Porn or Cracked/Pirated software & movies. A high percentage of these are malware lures.
  • Run a good AV.
  • Run a good Web-malware filter (like K9).

If your computer does ingest malware, Larsen advises: "Once you're infected, you're in the classic 'desktop antivirus' world — those are the companies that understand how to disinfect computers. I recommend running a periodic system scan from a different AV vendor than your main AV, to see if it can pick up something the main one missed. (Not a good idea to run multiple AVs on one system though.)"

— via TechCrunch

More stories:

Check out Technolog on Facebook, and on Twitter, follow Athima Chansanchai, who is also trying to keep her head above water in the Google+ stream.