
Security: In Praise of Common Sense

A new report from McAfee underscores that if users are successfully initiating celebrity-themed Web searches, IT hasn’t done its job.

For the third year in a row, McAfee has published its blacklist of celebrity names – those names most likely to be exploited by spammers, malicious attackers, unscrupulous Web site designers, and others who front-load search engines with popular keywords. Unsuspecting users who initiate searches using these names click a link and are catapulted into malware.

Increasingly, McAfee researchers say, attackers have gravitated toward celebrity-themed keyword combinations. Terms such as “Cialis” or “Propofol” are effective, of course, but -- as the success of celebrity-themed botnets like The Celebrity Storm Gang and the Celebrity Spam Gang demonstrates -- the promise of celebrity images or videos can be an extremely effective trapping tool.

If the McAfee list is accurate, the promise of images or photos of one celebrity in particular -- viz., actress Jessica Biel -- is all but irresistible.

McAfee dubbed Biel “the most dangerous celebrity in cyberspace,” citing her popularity among spammers (among others). She’s so dangerous, according to McAfee, that users who initiate searches using a Biel-themed combination (for example, “Jessica Biel wallpaper”) have a 20 percent chance of landing at a bogus site that’s used as a clearinghouse for spyware, adware, spam, viruses, or other vulnerabilities.

One lesson of this report is that there’s no reason users should be searching for Jessica Biel in an enterprise setting. It isn’t simply a question of lost or squandered productivity, McAfee officials stress; it’s an issue of IT having taken common-sense steps to restrict a user’s ability to introduce problems. If users are successfully initiating Jessica Biel-themed searches, IT hasn’t done its job.

McAfee has the prescription for this problem, of course, including a collection of desktop, gateway, filtering, and other endpoint security technologies; Symantec Corp., Trend Micro Inc., CheckPoint Software, and dozens of other vendors market similar offerings. In other words, there’s no shortage of solutions.

There might be a shortage of common sense, however. A recent Gartner assessment of the July 4th distributed denial of service (DDoS) attacks that targeted (mostly government) Web sites in the United States and South Korea flagged a chilling fact: the attacks in question (which crippled some sites for days) weren’t sophisticated. For example, the packet storm activity that they generated wasn’t overwhelming and (more to the point) they used recycled code that was at least four years old.

The attacks were successful, wrote Gartner analyst John Pescatore, because “businesses … failed to recognize that preventing impact is simply part of the cost of doing business on the Internet.” With respect to DDoS, Pescatore observed that protection “is widely available” -- and chided companies (particularly those that depend on the Internet or on Web connectivity for their livelihoods) for not having taken the appropriate steps to protect themselves.

The same is true, McAfee researchers observe, when it comes to safeguarding against risky Web searches.

They point to McAfee’s desktop security package (“Total Protection”) which also bundles the company’s SiteAdvisor technology. (SiteAdvisor purports to “test and rate” publicly available Web sites. Depending on how it’s configured, it can proactively restrict access to questionable known-bad sites.) McAfee competitors Symantec and Trend Micro market similar all-in-one desktop security packages. In addition to their desktop- or consumer-oriented security suites, these players market a dizzying array of applicable endpoint security products, including Web filtering software, Web content gateways, and managed Web security services.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.
