Search-engine spam targeting popular news items

Cybercriminals are leveraging Haiti and Chile earthquakes and other recent news events to poison Internet searches, according to McAfee.

Lance Whitney Contributing Writer

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

See full bio

Lance Whitney

May 18, 2010 9:42 a.m. PT

2 min read

The earthquakes in Haiti and Chile, the Toyota recall, and Apple's iPad are just some of the search terms that cybercriminals are using to corrupt search-engine results, according to McAfee's first-quarter Threats Report released Tuesday.

Following a significant rise in search-engine spam last year, the bad guys are adopting the latest items in the news to trick search engines into indexing links that lead to malicious Web sites, the report says (PDF). Like other professionals, cybercriminals use analytics and page ranking to determine the most popular search terms to use to capture their victims, a trend that was prominent in the first quarter of the year.

But many other types of spam and malware also kept security vendors and users on their toes at the start of 2010. USB devices took center stage as the most common way of spreading malware, said McAfee. These infections are triggered by the "AutoRun" feature when a USB drive is plugged in, a popular strategy among cybercriminals due to the ubiquity of such portable devices.

One active category of malware for the first quarter was the AutoRun worm found on USB drives. — One active category of malware for the first quarter was the 'AutoRun' worm found on USB drives. McAfee

Password-stealing Trojans that grab bank account information were another common threat, with the current variations targeting users on Facebook. Scareware, or malware disguised as antivirus software, peaked during the third quarter of 2009 but remained at a high level during the first three months of 2010. As scareware tries to convince users to pony up money for the fake software, McAfee believes this threat may prove to be one of the costliest online scams in 2010.

Though down from their peak, scareware levels remain high. McAfee

After falling and rising last year, spam volume has grown to its levels from mid-2008, just before the takedown of the McColo spam host in November of that year, noted the report. Between January and March, an average of 139 billion spam messages bounced around the Internet each day, representing 89 percent of all e-mail traffic.

During the first quarter, the most popular type of junk mail was for pill and male-enhancement products, which made up more than 71 percent of all spam traffic. More generic types of offers accounted for 10 percent of spam, while e-mails pitching educational degrees and personal ads took up the slack at 2 percent of all spam traffic. During the quarter, China, South Korea, and Vietnam were responsible for the greatest amount of diploma spam, which tries to sell fake diplomas and other documents to help people find jobs.

Thailand, Romania, the Philippines, India, Indonesia, Colombia, Chile, and Brazil also saw a larger number of malware and spam attacks for the quarter, which McAfee believes is due to a growth in Internet use combined with a lack of security knowledge in these regions.

The overall growth in malware did level off year-to-year in the first quarter of 2010, showing reduced numbers compared with the first quarters of 2009 and 2008. But McAfee still believes the total amount of malware for this year will at least be as high as it was in 2009.