Reuters has an article up today on the most dangerous celebrities on the web. Topping this year’s list is Cameron Diaz:
NEW YORK (Reuters) – She may be known for her playful giggles and killer looks, but now movie star Cameron Diaz has become the most dangerous celebrity on the Internet. Diaz, 37, is top of the list of the most dangerous celebrities to search for online, above second-placed Julia Roberts, according to computer security company McAfee, Inc. Last year’s most dangerous Web celebrity, Jessica Biel, fell to third.
One in ten websites featuring the "Knight and Day" star contain malicious software intended to infect computers and steal data from users, according to research released on Thursday by McAfee. Creators of malicious software use celebrities as lures, baiting fans and followers to click on and download seemingly innocuous content containing programs designed to steal passwords and other private information for profit, said Dave Marcus, director of security research at McAfee Labs.
"They know that people want to have screensavers of popular individuals. They follow hot topics on the Web and create their poisonous content accordingly," Marcus said. "This relates to a larger trend of using social engineering lures. A lot of times a cyber criminal will mine Twitter, or follow Google Trends, to poison those links. It’s very clear they will use news trends to lure," he said.
To elaborate some more on what McAfee is saying, various services like Google publish their Google Trends top keywords which indicates what users are searching for the most. Services like Twitter will have their most trending topics, that is, what people are talking about and categorizing their tweets as. The ones that users are searching for or tweeting the most show up at the top of the list. It’s a good way to determine what people are interested in the most at a particular point in time. After the 2008 presidential election, people were all searching for Barack Obama. In February of this year, people were talking about the Olympics (no doubt regarding Canada’s victory in the men’s gold medal hockey game).
However, spammers will do the same thing. They will figure out the most important trends in a particular category or a particular time of year, and then they will create poisoned search results which gets their pages to the top of a search ranking. For example, they might engage an army of bots to crawl through various blogs that leave comments that contain the celebrity’s name, say Cameron Diaz, with a link to a web page (the spammer’s). When Google’s crawlers start searching the web, they pick up all these pointers to the spamming web page. Since part of Google’s search algorithm is finding out how many pages point to another page with a search tag attached, and since the spam bots have left tens to hundreds of thousands (to millions?) of redirects, this makes the web page show up higher in a Google search.
Of course, these web pages are not benign fan pages. They can contain a few different things:
- Drive-by downloads – These are web pages that have malicious code running in them that are designed to exploit vulnerabilities in a web browser. These exploits execute automatically without the knowledge of the user and silently install malware onto the computer. This illustrates why it is important to keep one’s browser fully patched, and more importantly, upgrade to the latest version (cough, UK government, cough).
- Links to free software or screensavers – Who can resist a free screensaver of your favorite celebrity? Well, most of the world, actually, but the point is that these screensavers may be free, but they are not cheap. They are actually pieces of malware and when you install them, you are actually installing malware directly onto your computer. Good anti-virus software can help, but so can the latest browsers like Internet Explorer 8 and Firefox 3. Each of them contain URL screeners that can determine whether or not a URL is malicious or hosting malicious content (this also works for the previous bullet point).
- Links to spam, usually pharmaspam – In one of the all time biggest disappointments, imagine wanting to check out your favorite celebrity and instead being served up with an advertisement for cheap Ambien. I would think that this wouldn’t work too well for the spammers because once people have their expectations violated in a less satisfactory manner (wanting one thing and getting another lower quality product), the emotions of disgust and anger kick in. People are less likely to be compliant to advertising when those two emotions are in play.
So, when the term “dangerous” is used in the cyber context when it comes to celebrities, the term does not refer to them being physically dangerous but instead dangerous to the health of one’s computer. The celebrity is used as a lure to get people into taking action that they might not normally take, and then systems under their control have been compromised. The most dangerous ones would be the ones with the most malware attached to them.
Celebrity harvesting is nothing new, spammers have been using their names in x-rated spam for years. In the case of Cameron Diaz, one in ten sites is a lot to be compromised which demonstrates that spammers/malware authors are quite successful at getting their products so widely distributed and search engines so highly compromised.