You heard it right: According to a recent security report, Internet users are 182 times more likely to get a virus from clicking on online ads than visiting an adult website. At first glance, this sounds extremely counterintuitive (and it is). In theory, wouldn’t your risk go up when visiting shady sites?
Yes and no.
The bottom line is that the people who write malicious software are black market businessmen. It costs time and money to create an effective computer virus, and the creators are most interested in maximizing their return on investment. This means targeting websites that attract the most users, so a virus can reach the widest audience possible.
This does mean that some malware is still delivered through porn or counterfeit software sites. But as this study points out, malware writers are increasingly targeting high traffic mainstream websites, like search engines and online gaming sites. In the case of search engines, this allows criminals to leverage hot ticket news items to take advantage of a surge in keyword traffic. For example, a series of new exploits was discovered after Oracle issued a patch for its Java software in early January. Virus writers disguised their sites as a legitimate Java update website, so malicious content appeared in search results for anyone who typed in the terms “Java” or “Java update.”
Sites most likely to deliver malicious content:
Wait, why aren’t these legitimate websites keeping me safe?
The unfortunate reality is that many websites make a living through third-party advertising, which is more easily compromised than the website itself. This means that the malicious content is not native to the website–it is hosted somewhere outside the website’s defenses.
On other top ranked sites, especially social networks, the problem lies within the links shared–not with the actual site. This means that a lot of the burden for keeping PCs and mobile devices safe is shifted from the people managing the sites to all of us as consumers, making it even more important that all of us keep our security software up-to-date.
A few additional best practices to keep in mind:
- Don’t Click That: Links in email, Tweets, Facebook posts, and online ads are the #1 way hackers distribute malicious content. Never click on a third-party ad on any site, and avoid clicking on links shared through social media even if you know the source. You can also use McAfee SiteAdvisor software that comes with McAfee All Access (for your PC, Mac and Android devices) to stay one step ahead of malicious links, which adds rating information to your search results to identify risky sites.
- Stay Current: Regularly check trusted websites and blogs to stay up-to-date on the latest threats. Share new information with friends, family, and colleagues to help them to steer clear of new scams. One great way to stay ahead is by following McAfee on Twitter and Facebook, where we publish daily updates on trending security news and threat information.
- Report Criminal Activity: Always report stolen finances or identity theft to http://www.ic3.gov (the Internet Crime Complaint Center) or the Federal Trade Commission at http://www.onguardonline.gov/file-complaint.
For more information on Cisco’s annual security report, you can read the full PDF version here. In addition, be sure to follow us on Facebook and on Twitter with @McAfeeConsumer to stay up-to-date on the latest threat information.