Network News

X My Profile
View More Activity

Report Shows 7 Percent of Sponsored Links Dangerous

Clicking on a search engine's results of popular computer terms like "wallpaper" or "screensaver" remains a fairly risky endeavor when it comes to security, according to an updated study.

The second annual State of Search Engine Safety report from McAfee Inc. , found that roughly 4 percent of the most popular search results link to "risky" Web sites. That's a broad category of online pages that can offer Web searchers more than they bargained for. The results were a marginal improvement over last year's data, which pegged the level of risky search results at 5 percent.

The practice of unbridled clicking becomes riskier for Web searchers focused by so-called "sponsored results," the paid ads that appear alongside targeted search engine results, the company found. Nearly 7 percent of all sponsored ads brought clickers to risky sites, according to the study.

The study was meant to highlight McAfee's free SiteAdvisor tool. The free add-on for the Firefox and Internet Explorer browsers tries to give Web surfers a bit more intelligence about the safety of following links returned by the Web's top five search engines.

With the software installed, each search result listing is accompanied by a small color-coded, green, yellow, or red icon. SiteAdvisor occasionally will give a question mark to a site it hasn't developed an opinion about that site's security. A green check mark next to a result shows that the software hasn't encountered anything questionable about the site. McAfee grades sites with a yellow X to encourage a Web surfer to use caution. If a SiteAdvisor-aided search result earns a red X, McAfee has received reports of scammy, spammy or outright malicious activity emanating from the site.

In the searches ranked in this study, run through May 2007, nearly 7 percent of all sponsored results earned a yellow or red rating. Malicious sponsored links can be especially dangerous because all of the search engines evaluated in this study obfuscate the true or full name of the site consumers will be taken to after clicking. Normally, if a user hovers over a link with a computer cursor, it will display the destination site in the bottom left corner of a browser. But doing this with sponsored links in,, and usually leads to a gibberish link that pushes the name of the actual landing page out of the browser's viewing area. Google does not show any link in that area for sponsored link results.

The results are less troubling than those McAfee released this time last year, when risky sites accounted for 8.5 percent of all sponsored ad results for the most popular search terms. The company attributes the improvement largely to Google's "improvements in paid search safety."

I'd like to see a more granular breakout of sites that earned McAfee's red flag because the study lumps together outright malicious sites with those that merely link to sites with questionable practices, or those that spam users who signed up with their e-mail addresses. Also, consider that this study looked at the results of searching for some of the riskiest search terms or words associated with software that often are bundled with loads of spyware and adware.

By Brian Krebs  |  June 4, 2007; 10:52 AM ET
Categories:  Fraud , From the Bunker , Latest Warnings , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Apple, Mozilla Issue Security Updates
Next: High Court Ruling Could Be Boon for Retailers


Google should add a second "SafeSearch" setting to its preferences. How about a filter that removes sites Google itself has identified as malicious?

Injecting a warning page after clicking on suspects is nice but a true filter would help even more.

Posted by: Ken L | June 4, 2007 11:55 AM | Report abuse

I think the article failed to discuss what the "security risks" are of inadvertent clicking on bad or malicious links. Are we talking about invasive viruses and spyware, or hardware killers, or just being taken to sites one didn't intend to go to and risking unwanted fees, etc.? I've got two kids who have killed numerous computers with no apparent explanation, and they swear they didn't download anything scammy.

Posted by: Hartenstein | June 4, 2007 11:55 AM | Report abuse

The post by Hartenstein is valid - this story is pointless without an explanation of "security risks". Instead it appears the author gave more emphasis to a program developed by McAfee, which ironically puts out software that ranks near the bottom (next to Symantic products) of every legitimate antivirus benchmark.

What could happen to my computer if I click on one of these links?

Posted by: Dave K. | June 4, 2007 12:08 PM | Report abuse

Read the linked blog from 2006 - which full describes the sites and what they can do.

If you want to know what clicking will do, click on one.

Posted by: Anonymous | June 4, 2007 12:28 PM | Report abuse

Yeah, you guys could have just clicked on the link in the article where they explain what it does:

Posted by: Silent Ounce | June 4, 2007 2:48 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company