Cameron Diaz tops malware bait list

Computerworld - Cameron Diaz is the most dangerous celebrity on the Web, antivirus company McAfee said Thursday.

Search strings using Diaz's name have a one-in-ten chance of coming up with a site infected with or spreading malware, said Dave Marcus, McAfee's director of security research and communication. Search for "Cameron Diaz and screensavers," and the risk doubles, Marcus added.

As it has for the last three years, McAfee compiled search phrases that contained names of prominent celebrities, professional athletes, politicians and other newsmakers, then calculated the percentage of the resulting sites tagged as dangerous by the company's SiteAdvisor software.

SiteAdvisor is a free plug-in for Microsoft's Internet Explorer and Mozilla's Firefox that flags risky sites -- those serving up malware, adware, spyware and the like -- in a search result list.

Diaz replaced Jessica Biel, last year's top name bait. Biel fell two spots to third on McAfee's list this year.

Actress Julia Roberts placed second on the Most Dangerous list, while supermodel Gisele Buendchen took fourth. Brad Pitt, the highest ranking man on the list and one of only two on the top 10, held the fifth spot.

"It's a simple fact. The bad guys read the same news as the good guys," said Marcus as he explained why some celebrities ranked higher than others. He attributed Diaz's prominence to the fact that McAfee's list was composed around the time when she was in two currently-showing films, "Knight and Day" and "Shrek Forever After."

Attackers and scammers trade on the names of prominent people and topical events to dupe users into visiting malicious sites, to open malicious e-mails, and to click on malicious links embedded in Twitter messages, said Marcus.

"Dangerous searches relate to the news of the day," he said. "In 2008, politicians like President Obama and [former Governor] Sarah Palin were the most abused. We expect politicians to be abused in the future."

Obama was at No. 49 on McAfee's list this year, while Palin was right behind the president at No. 50.

Others on the dangerous list included tennis player Andy Roddick (No. 14), and singers Lady Gaga (No. 37) and teenager Justin Bieber (No. 46).

"We're not saying stay away from searching for celebrities like Cameron Diaz," said Marcus. "We're saying be aware of the broad use of their names, and know that criminals are looking for a way to social engineer you, and this is the type of attack they'll use."

McAfee released the fourth annual most-dangerous celebrity list Thursday just minutes before it announced Intel was buying the company for nearly $8 billion. Before the interview with Marcus, a McAfee spokeswoman made it clear he would not take any questions about the acquisition.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Read more about Security in Computerworld's Security Topic Center.