On the Internet, FREE is a Dangerous Four Letter Word

The wild, wild web is like any major metropolitan city. There are high-class neighborhoods, retail districts, theater districts, business centers, popular social areas, seedy red-light districts (in Boston we called this the Combat Zone), and bad, bad, BAD neighborhoods.

Depending on where you go, you may pick up a virus or get bonked on the head.

The Internet is the same.

As more consumers seek out more free entertainment online, cybercriminals are shifting their attacks accordingly. McAfee recently conducted a series of studies determining that searching for celebrities like Cameron Diaz can increase your chances of infecting your PC. McAfee’s new “Digital Music & Movies Report: The True Cost of Free Entertainment” also confirmed that your PC is equally vulnerable when searching the word “free.” This report reveals the significantly increased risk of fraud when including “free” and “MP3” in the same search query. And when you add the word “free” to a search for ringtones, your risk increases by 300%.

Cybercriminals lure users with words like “free” in order to infect their PCs with malicious software, which is designed to take over the infected computer and allow hackers full access to private files, usernames, and passwords.

To stay safe, avoid searching for “free content.” Stick to legitimate, paid sites when downloading music and movies.

If a website is not well established, avoid clicking links in banner ads.

Use comprehensive security software to protect against the latest threats.

Use common sense: don’t click on links posted in forums or on fan pages.

Use a safe search plug-in, such as McAfee® SiteAdvisor® software that displays a red, yellow, or green annotation in search results, warning users about potential risky sites ahead of time, and highlighting safe results.

Be aware that the more popular a topic, movie or artist is, the more risky the search results will be.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures

Cameron Diaz Named Most Dangerous Celebrity in Cyberspace

Cameron Diaz has replaced Jessica Biel as the most dangerous celebrity to search for on the Web, according to security company McAfee, Inc. (NYSE: MFE). For the fourth year in a row, McAfee researched popular culture’s most famous people to reveal the riskiest celebrity athletes, musicians, politicians, comedians and Hollywood stars on the Web.

The McAfee Most Dangerous CelebritiesTM study found movie stars and models top the “most dangerous” list this year while politicians like Barack Obama and Sarah Palin are among the safest.
Cybercriminals often use the names of popular celebrities to lure people to sites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content.

“This year, the search results for celebrities are safer than they’ve been in previous years, but there are still dangers when searching online,” said Dave Marcus, security researcher for McAfee Labs.

“Through consumer education and tools, such as McAfee® SiteAdvisor® site ratings, consumers are getting smarter about searching online, yet cybercriminals are getting sneakier in their techniques. Now they’re hiding malicious content in ‘tiny’ places like shortened URLs that can spread virally in social networking sites and Twitter, instead of on websites and downloads.”

Cameron Diaz Searches Yield Ten Percent Chance of Landing on a Malicious Site
McAfee research found that searching for the latest Cameron Diaz pictures and downloads yields a ten percent chance of landing on a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

Fans searching for “Cameron Diaz” or “Cameron Diaz and downloads,” “Cameron Diaz and screen savers,” “Cameron Diaz and wallpaper,” “Cameron Diaz and photos” and “Cameron Diaz and videos” are at risk of running into online threats designed to steal personal information. Clicking on these risky sites and downloading files like photos, videos or screensavers exposes surfers or consumers to the risk of downloading the viruses and malware.

The study uses SiteAdvisor site ratings, which indicates which sites are risky to search for celebrity names on the Web and calculate an overall risk percentage. The top 10 celebrities from this year’s study with the highest percentages of risk are:

Position Celebrity
1. Cameron Diaz – Searching for Diaz results in a one in ten chance of landing on a risky site. She has most recently been in the spotlight with blockbuster movies, “Knight and Day” and “Shrek Forever After.” When “Cameron Diaz and screensavers” was searched, 19 percent of the sites were identified as containing malicious downloads.

2. Julia Roberts – Academy Award-winning actress Julia Roberts is one of America’s sweethearts, and will soon be in the spotlight with her upcoming release of “Eat, Pray, Love.” The overall risk of searching for Roberts is nine percent, yet searching for “Julia Roberts and downloads” results in a 20 percent chance of downloading a photo, wallpaper or other file laden with malware.

3. Jessica Biel – Last year’s Most Dangerous Celebrity fell two spots with searches resulting in fewer risky sites this year. Biel continues to be in the spotlight with her on-again, off-again relationship with Justin Timberlake, and appeared in “The A-Team” in June 2010. While her overall search risk is nine percent, searching for “Jessica Biel and screensavers” results in a 17 percent chance of landing on a risky site.

4. Gisele Bündchen – The world’s highest-paid supermodel moved up two spots since last year. Searching for “Gisele Bündchen and screensavers” can prove risky, 15 percent of the search results for this beauty can put spyware, malware or viruses on your computer.

5. Brad Pitt – Pitt is often in the spotlight with news of his movies and his personal life. It’s no wonder why this leading man has been in the top ten for the past three years. He moved up in rank five spots this year. Downloading photos, screensavers, or other files of Brad can potentially put adware or spyware in your computer.

6. Adriana Lima – Searching for downloads of this Brazilian beauty can direct users to red-ranked sites. Lima is best known for being a Victoria’s Secret Angel since 2000.

7. Jennifer Love Hewitt, Nicole Kidman – Searching for these Hollywood starlets resulted in an equal number of risky download websites.

8. Tom Cruise – With recent buzz around his MTV Awards performance as well as his movie, “Knight and Day,” Cruise rises to the top ten.

9. Heidi Klum, Penelope Cruz – Both of these ladies are consistently in the spotlight, and share the #9 spot. Cybercriminals use their names to lure people to risky sites. Klum hosts “Project Runway” and Cruz has been in the spotlight recently for her role in the “Sex and the City 2″ movie and is expected to be in the fourth film of the “Pirates of the Caribbean” series.

10. Anna Paquin – This “True Blood” star is as dangerous on the Web as she is on the screen. Searching for screensavers of Paquin can lead you to downloads filled with malware.

“Cybercriminals follow the same hot topics as consumers, and create traps based on the latest trends,” continued Marcus. “Whether you’re surfing the Web from your computer or your phone or clicking on links in Twitter about your favorite celeb, you should surf safely, and make sure you’re using the latest security software.”

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss celebrity identity theft” on CNBC. (Disclosures)

National Strategy for Online Identification

The Internet has become a fundamental aspect of most of our lives. It goes beyond social media, online shopping, and banking. Critical infrastructures like water, sewer, electricity, and even our roadways all rely on the Internet to some degree.

The Internet’s weak link is the difficulty in reliably identifying individuals. When online, our identities are determined by IP addresses, cookies, and various “keys” and passwords, most of which are susceptible to tampering and fraud. We need a better strategy.

Howard A. Schmidt, the Cybersecurity Coordinator and Special Assistant to the President, points to The National Strategy for Trusted Identities in Cyberspace (NSTIC), which was developed in response to one of the near term action items in the President’s Cyberspace Policy Review. The NSTIC calls for the creation of an online environment where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the infrastructure that facilitates the transaction.

The primary goal is to build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation.

The National Strategy for Trusted Identities in Cyberspace is a document released to the public for comment. The Department of Homeland Security has posted the draft at www.nstic.ideascale.com, and will be collecting comments from any interested members of the general public.

Offline, there are currently dozens of identification technologies in play that go beyond the simplicity of Social Security numbers, birth certificates, drivers licenses, and passports

These include smart cards, mobile phones, biometrics such as facial recognition, ear canal recognition, fingerprints, hand geometry, vein recognition, voice recognition, and dynamic biometrics among others. In a future post, we will go into more details on each. However, there is not a consistent standard in the United States to date. In the near future, we may be the adoption of some of these technologies to properly identify who is who.

Robert Siciliano, personal security expert adviser to Just Ask Gemalto, discusses Social Security Numbers as National IDs on Fox News. Disclosures