The Dark Side of the Search Engine Business
A new study by McAfees SiteAdvisor Web ratings finds that sponsored results from some of the biggest names in the search engine business contain spyware, spam, scams and other Internet menaces.
The study, which was conducted by anti-spyware activist Ben Edelman and SiteAdvisor research analyst Hannah Rosenbaum, found that all the major search enginesGoogle, Yahoo, Microsofts MSN, AOL and Ask.comreturned risky sites in results for popular keywords.
Even worse, sponsored results contained two to four times as many dangerous sites as organic results, according to the survey, which combined data from SiteAdvisors automated Web crawlers and new searches using popular keywords culled from the Google Zeitgeist and other industry sources.
During the survey, which began in January 2006, the researchers used 1,394 popular keywords to extract top organic and sponsored search engine results and evaluated the site safety against SiteAdvisors color-coded safety assessments.
Overall, across all keywords and search engines, 8.5 percent of sponsored results were "red" or "yellow," suggesting those sites were hosting drive-by exploits, bundling adware/spyware with downloads or hammering in-boxes with spam. By comparison, only 3.1 percent of organic results were considered unsafe.
The survey found there was little correlation between search result placement and safety. Page 1 search results were only "moderately safer" than results for pages 2 through 5, and dangerous sites soared to as much as 72 percent of results for certain risky keywords.
The most dangerous keywords include "free screensavers," "bearshare," "kazaa," "download music" and "free games."
Based on the findings, the researchers estimate that Web surfers in the United States make 285 million clicks to hostile sites every month as a result of search engine results.
"Its a jungle out there. Users should be careful where they go and what they do when choosing sites based on search engine results. Despite search engines efforts, we see too many sites trying to deceive unsuspecting users. These tricky sites span a range of content areas, keywords and business modelsso there is no simple advice as to how to stay safe," Edelman and Rosenbaum wrote.
"Users cant count on search engines to protect them; to the contrary, we find that search result rankings often do not reflect site safety. Users are at especially high risk when visiting search engine advertiserseven though search engines are well-equipped to impose strict guidelines on sites buying prominent placement," the researchers added.
Overall, Microsoft MSN search results had the lowest percentage (3.9) of dangerous sites, while Ask had the highest percentage (6.1).
Just over 5 percent of all results from Google and AOL returned a dangerous Web site.
The researchers believe that the least dangerous search results from MSN reflect Microsofts publicly documented effort to remove unsafe sites via its HoneyMonkey exploit detection project.
SiteAdvisor, which was recently acquired by McAfee, reckons that around 5 percent of all Web traffic contains nasty malware or spam content. The site estimates there are 1 billion monthly visits to Web pages that arent safe for surfing.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.