Try These Search Terms If You Want Some Malware

Computer virus company McAfee has assembled a list of the top search keywords that are most commonly linked to malware exposure. The winning phrases are: word unscrambler, lyrics, myspace, free music downloads, phelps, game cheats, printable fill-in puzzles, free ringtones and solitaire. In addition, the general categories that are considered riskiest are: screen savers, free games, work from home, Olympics, videos, celebrities, music and news.

So, how do you protect yourself from malware?

Here’s a list of 5 things you should never do.

IE8 has been shown in at least one study (funded by Microsoft) to be the most effective at intercepting social-engineering phishing sites—those kind that try to trick you into entering sensitive data—but the malware described above is usually triggered invisibly with no interaction required by the visitor, other than just going to the page to begin with.

Here’s a new report from Google covering the top 10 malware source sites from the past two months. They suggest you use a browser like Firefox or Chrome that relies on their own Safe Browsing API.

And here’s a great post from Lifehacker on software you can use to remove malware from your computer.

“What are the most dangerous search terms on the Internet?” [CNN]


Edit Your Comment

  1. downwithmonstercable says:

    Gotta hand it to those malware/spyware people, they’re smart. What better way to target the most susceptible demographic (13 year old girls who barely know how to use a computer other than check Facebook) than to make Michael Phelps a spyware keyword…

    • Kelly Mitchell says:


      Not necessarily… some 13 year olds are way more advanced than say, a person in their 50s. Whenever I’m up against someone who’s done something nasty with their computer, it’s usually an older person without much computer experience who is click happy.

      • Xkeeper says:


        In reality, it’s both. There are the advanced users, sure, but the vast majority of users from all ages can be completely clueless.

        I do a lot of “friend tech support” among family and friends I know, and the ages of the people screwing things up varies a lot. No particular age group is really “more suspectible” to any of this crap.

        Also, honestly, is there any point to saying “A study by Google said you should use Google’s browser APIs”? Same with the Microsoft one. Of course they’re going to say that crap.

  2. Yankees368 says:

    Olympics and Phelps? How the heck do those two search terms fit in with the rest?

    • pecan 3.14159265 says:

      @Yankees368: It doesn’t have to fit in, it’s that people started searching vehemently for anything related to Michael Phelps, and malware people jumped on board the train to spread their poison.

    • Jonbo298 says:

      @Yankees368: Malware companies/people go for what is popular and suckers are born every second.

  3. Hooray4Zoidberg says:

    I used to do spyware research about 4 years ago, and I found that pretty much any domain that starts with the word “My” is probably going to have malware. And should avoided like the plague.

    For some reason malware vendors concluded that computer illeiterate people tend gravitate towards personalized things like mywebsearch and myphotopage and mysmileyfaces etc.

    Myspace rose out of those same ashes of crappy websites, although they were never a malware site specifically, they sure as hell aided in the distribution of it, via their poor coding and multiple exploits in the earl days. They were also rife with bouncy “You won” adds and smiley face banners that almost always installed some adware. I still shake my head at how that site became such a phenomenon.

    • downwithmonstercable says:

      @Hooray4Zoidberg: I’m surprised myspace became popular too for how crappily it’s designed. Tons of annoying ads all over the place, horrible server reliability, slow speed, etc. I guess it just really filled a void of social networking that people wanted.

      • ellastar says:

        @downwithmonstercable: Firefox and Adblock Plus were a lifesaver when it came to Myspace’s annoying ads, though it did take a bit of configuration at first since some would slip past the filter. As much as I dislike Myspace recently, I dislike it even more when I go on it without any kind of ad blocker. Perfect for those tweens I guess, with all their “See who your crush is now!” ads.

  4. labeled says:

    After recently giving our old computer the boot (no pun intended, as it was a handmedown without the orig. windows discs so I couldn’t reformat) due to a nasty bit called virut (scribbler, virux, et al) I am SUPER fucking paranoid about every site & run no less than 3 separate virus scans every other day, plus multiple spyware/malware scans. +1 if I happen to go to a new site, or one I haven’t visited since the infection.

    The worst part is after researching it, there just isn’t any good way to protect ourselves.

    I miss the days of “don’t download anything funky, you’ll be fine.”

    • FLConsumer says:

      @labeled: There’s always linux or Mac. Safe, for now. The unix core does also provide additional security not found in Windows’ archaic patchwork code.

      • labeled says:

        @FLConsumer: Yeah, true enough. If wishes were horses, I’d be typing on a comparably-priced mac instead of dell.

        • lannister80 says:

          @labeled: You can install Linux on any PC, FYI. And I do mean ANY.

          • Hooray4Zoidberg says:

            @lannister80: Firefox is a pretty safe deterrent. No version of IE is every really secure, even after patching. I’ve only seen a handful of things infect via FireFox and those exploits have almost all been patched. The old, don’t download anything funky rule still applies though.

            If you’re really paranoid and/or like downloading funky apps I’d suggest virtualization. You can get vmware converter and vmware player for free these days. Make a virtual copy of your computer and do all your surfing in vmware. If you get anything funky it’s all contained in the virtual machine, you simply revert and it’s like it never happened. We used to use it for malware research because you can infect a machine like nobodies business, then simply revert back to a clean snapshot with impunity.

          • labeled says:

            @lannister80: If I get reinfected, I will consider this. (Right now… I’m feeling like a very old dog.)

        • FLConsumer says:

          @labeled: Depends on what you’re using/buying. At the time the Macbook I’m currently typing this on was about $300 cheaper than the equiv. Dell laptop. And the Dell laptop wasn’t anywhere near as well built.

          As an aside, we’ve stopped using Dell laptops at my office due to quality control issues. It’s Lenovo primarily, a few Macbook Pros floating around for fun.

        • layton59 says:

          @labeled: For those who care poster-labeled was referencing the old saying “If Wishes Were Horses, Then Beggars Would Ride.” Kudos to him/her, you don’t hear that one near enough today. Maybe an update would be “If Wishes Were Cars, Then Beggars Would Ride.”

          On the computer virus/malware topic, I did have a problem with ROBOFORMS (which I do not have or use) giving me a robobugs error in a pop-up box. That was due to Citibank’s virtual credit card program triggering it on some web-sites I visit. I was able to fix the ROBOFORMS. A separate issue is I am unable to get rid of VIRTUMONDE thing on my computer. Spybot says it is there, but Spybot can not remove it. WTF??????

    • lannister80 says:

      @labeled: Just use Firefox. Problem 99% solved.

      • FLConsumer says:

        @lannister80: I don’t know if they’ve fixed it but I have seen Google’s Chrome let spyware in through it’s compatibility with ActiveX. Firefox is the only browser I install in the office. IE’s still available but very well hidden from users until they absolutely need it.

        • mac-phisto says:

          @FLConsumer: i wish i could do that – most of the gateways related to my workplace don’t code for FF, so i’m stuck with an office full of IE users. i tried getting them to use one browser for work & one browser for not-so-work, but that’s nigh impossible when the tech level is WHY ARE MY CAPS ALWAYS ON? CAPS LOCK? WHAT’S THAT?

    • SupremeCourtNominee_GitEmSteveDave says:

      @labeled: Hopefully you are using at most TWO programs. Multiple virus/spyware programs running on top of each other interfere with the others and lessen your chance of finding things.

      My best suggestion would be to run Firefox w/an addon like NoScript, which prevents a site from running any scripts unless you manually say the site can run scripts. So no longer will you get the forever forwarding/re-directing problems. It’s a pains sometimes, but I’d rather push a button twice a day than an island exploding, if you know what I mean.

    • PlanetExpressdelivery says:

      @labeled: I can attest to dealing with Virut. There are numerous variants of the virut virus, some of which are called scribble. The problem stems from the fact that Virut has a tendency to “misinfect” files which prevent them from running. Symptoms are actually a good sign, because Virut can run in the background with little to no sign of infection unless it downloads a malware payload to your computer. Virut is designed to steal passwords and banking info so using an infected computer for anything sensitive is a big no.

      Virut will infect almost every .exe, .html, and .scr (executables, html, and screensaver files). A complete reinstall is recommended, since Virut can reinfect with a single corrupted file.

  5. punkrawka says: is a very thorough lyrics website that’s actually reliable and malware-free if anyone wants that as a helpful reference. I stopped googling the word “lyrics” years ago.

    • labeled says:

      @punkrawka: Thx for the rec. With two teens and a tween in our house, I’d suspected a lyrics site as the culprit in our recent infection.

    • korybing says:

      @punkrawka: Yeah, no joke. “Lyrics” is the magic word for finding the sketchiest sites on the internet that don’t involve naked boobs (although many of the ads on said websites DO have naked boobs).

    • HogwartsAlum says:


      Thank you for this. I’ve been looking up lyrics because I can’t understand people on my albums. It could be my hearing is going. That’s what I get for blasting my music so much as a kid.

  6. FLConsumer says:

    Where the hell are the porn search terms? The only time users in my office get their laptops infested with spyware is when they’ve been off browsing for porn. The last few systems I’ve worked on show that the users were prompted to download special codecs or special players to view the videos, thus enabling the spyware and viruses to roost.

    While cleaning up a porn’d/spyware’d/virus’d-to-hell computer is a PITA for me, it’s the ultimate job security. Discretion has always been my modus operandi with these issues and a good number of people in the office have a lot at stake to ensure my continued employment. :)

  7. Gaambit says:

    I can’t help but think of Bender right now…
    “Funderful? Non-alcoholic? Antiquing?…” BOOM

  8. Fineous K. Douchenstein says:

    They really should compile the “5 things you should never do” into 1 thing.. Don’t download fake junk. Period.

  9. mac-phisto says:

    consumerist, are you spying on me? i just spent an entire day trying to root a worm out of a co-worker’s computer. nasty little bug – shut down web browsing completely, disabled anti-virus, disabled windows update.

    anyway, i’m a little disappointed in that 5 no-nos list. for one, it’s all “don’t download the fake _____. ” uhhh…i’m pretty sure if my co-worker knew it was fake, she wouldn’t have downloaded it.

    here’s my best tips to combat malware:
    1) don’t open ANY unsolicited attachments in email – even from people you know (especially if the subject says FWD). better yet, tell your friends/family members to stop emailing you stupid chain letters.
    2) stay on trusted sites. add regulars to your trusted site list & hike your browser security way up.
    3) re-enable those annoying auto-prompts for downloads that you disabled b/c they were annoying.
    4) use anti-virus software that also features a site-scanner.
    5) (& most important…seriously, i can’t stress this enough) READ!!! i’m so freakin’ tired of people just clicking “OK” whenever a dialog box pops up on their screen.

    • SupremeCourtNominee_GitEmSteveDave says:

      @mac-phisto: Conficker? I repaired a computer about two weeks ago that had it and had MANY of the symptoms you described. It passed the “Conficker EyeTest” website, and McAfee said there was no problems. Then, a random “cleaning program” popped up asking me for 49.99 to clean the computer. After some searching I found this was one of the latest Conficker tricks, so I loaded up AVG and deleted McAfee, and after two scan for everything scans, it was clean and everything was A.O.K.

      • labeled says:

        @SupremeCourtNominee_GitEmSteveDave: My money’s on virut. Rotten, rotten, rotten.

        I also think it shot Kennedy & kicked my dog yesterday.

        • mac-phisto says:

          @labeled: after reading about virut, i would have to say that sounds pretty close. & after reading the breakdown, i’m going to have to do a more thorough dissection to make sure the remnants are gone.

          god i hate blackhats. why can’t they do something productive already?

          • labeled says:

            @mac-phisto: I hope it isn’t, for your network’s sake. It replicates across memory, infecting every damned executable that you open. Hence, immediate disabling of your anti-virus/spyware, which is usually one of the first things to load. For me, it took over a number of processes in my “services.exe” and by the time it cranked itself up (just when I thought I’d beaten it by deleting a ton of cracked registry keys, killed all instances of the reader_s.exe, etc) it was trying to send encrypted information out to several domains in eastern Europe and Asia.

            yay. Fun. Assholes. (Sorry, it’s like I’ve got virus-generated Tourette’s.)

      • mac-phisto says:

        @SupremeCourtNominee_GitEmSteveDave: i’m not quite sure what it was yet – win32.zafi/b or variant – whatever it was, it was a bitch. i tried installing FF to download some anti-malware tools & it blocked the install, it blocked malwarebytes install – it even shut down hijackthis when i tried saving a logfile. i finally rooted out a registry key that let me get tools working (it was in app data/google/somethingorother) & after a round of safe mode scans & reboots, we’re all better (i hope).

        i’ll be running full system scans for the next week to make sure. YAY!

        • SupremeCourtNominee_GitEmSteveDave says:

          @mac-phisto: For some reason, my Conficker let me install AVG. I disabled any processes that were skeevy and ran a full scan. After a reboot, it let me access the Windows Update site and I applied ALL patches+fixes, rebooted and ran AVG again. This was the second computer where MCafee dropped the ball.

        • SupremeCourtNominee_GitEmSteveDave says:

          @mac-phisto: @labeled: Nothing beats Conficker installing it’s own “Anti-spyware” program and trying to get me 49.99 to get rid of it. Balls of silicon. :)

          • labeled says:

            @SupremeCourtNominee_GitEmSteveDave: As I’ve said about virut: At least they’re using their evil genius for evil and not just to be assy & make Grandma’s IM’s curse at everyone. (Honestly, that was one FUNNY damned virus, but it drove her crazy. She’d open an im window, and it would send some random string of cursing.)

        • labeled says:

          @mac-phisto: Googled that one (win32.zafi) and found *numerous references to that being a fake alert/trojan name created by a spyware program called Perfect Defender, that is itself malware.

          Just a quick question – have you come across reader_s.exe or any odd B1.tmp or really, any odd .tmp’s running under task manager/processes?

          (Note, not reader_sl.exe, which is a legit -annoying- app from Adobe’s updater, but reader_s.exe.)

          • mac-phisto says:

            @labeled: actually, the weird thing about this one is that it doesn’t seem to have _any_ out of place processes in the task manager. everything was legit, so as far as i can tell, it was masquerading as a legitimate process.

            win32.zafi is “fake” as far as i can tell, but whatever malware that creates the program that says “you’ve been infected by win32.zafi” isn’t. i don’t know – it sounds a lot like vundo, but i’ve dealt with that before & this seems so much more, i dunno, robust, hard to kill.

            • labeled says:

              @mac-phisto: Yeah – that could still be virut – once it doesn’t need reader_s or the tmp’s anymore, it runs very happily on your normal processes, which is part of what makes it such a rotten bitch.

    • dohtem says:

      @mac-phisto: It’s amazing the people that take offense when you ask them to stop sending you chain mail.

      And how people don’t think twice about a new search bar that mysteriously pops up in IE is just crazy. “I dunno, I just noticed it there one day.” :(

  10. CreativeLinks says:

    Or just download Firefox and install the “noscript” plug-in.

    • SupremeCourtNominee_GitEmSteveDave says:

      +1,000,000 on that. I have it installed on ALL my computers and even though it annoys people in my office, we have been virus/malware free.

  11. lalaland13 says:

    Thanks for this. I wanted to find out what the hell Karen O was saying, and now I get pop-ups for “My name is Bob and I made $5,000 sitting at home!” It’s bullshit. I will be using some of these tips to get rid of this when I get home. And should I ever want to understand some lyrics, I’ll just make up what I want them to be saying and forget trying to know for sure. Not worth it.

    • faust1200 says:

      @lalaland13: I love the Yeah Yeah Yeahs!!! Karen O is amazing. +1 for NoScript. Think of NoScript as a condom and the internet as the Thai whorehouse. lalalaland, it sounds like your browser may be hijacked. Hijackthis! is a great little tool but it’s really not for novices.

  12. rickatnight11 says:

    Perhaps you should correct the article to say “computer anti-virus company, McAfee…”.

  13. tsume says:

    @labeled: Virut sucks! I work remote tech support and that’s got to be the one virus we can’t fix. Even as an escalation technician, there’s just no way to eradicate it and be sure it’s gone because of the way it works :(

    • labeled says:

      @tsume: Awesome, amirite?! I’m sort of darkly glad to hear I’m not the only one that’s come across it. Early adopters ftw!

      Actually, in over 15yrs of internet use, it’s the one and only virus I’ve ever had. Ever. Figures.

      • mac-phisto says:

        @labeled: i got the chernobyl virus (CIH) back in 1999. that SUUUUUCCCCKKKKED! 3 weeks before finals in my sophomore year of school – i had to rewrite an entire semester worth of final papers that year.

        the worst part about chernobyl is that it corrupted your BIOS, bricking your computer for good (unless you knew how to re-chip the mobo, which i didn’t).

  14. labeled says:

    Also, why am I so darkly tempted to search “word unscrambler” now? I mean, word unscrambler, really?

  15. Zegridathes says:

    If you’re really paranoid about your casual internet browsing, you can always grab a copy of virtualBox [] , put a low-system requirement flavor of linux on it (or windows/macos if you have extra licenses) and browse from what would essentially be a separate computer (virtual machine) in your computer (xzibit jokes not withstanding.)

    Just make a clean master copy after you get it set up, then anytime you think you’ve run afoul of something you can blow the current one away and start from a fresh copy.

    • Batmanuel says:


      I usually use virtual PC for when I go exploring in the dark parts of the interwebs. Virtuaization is your best defense against malware.

    • target_veteran says:

      @Zegridathes: This is really the correct answer, and the one I use every day. Vbox is a godsend on Linux. I started looking into it because iTunes just doesn’t quite work in Wine, and I find myself loving having a safe zone.

      Then again, full disclosure, my computer is significantly higher on the RAM scale than most desktops, so it’s not a perfect solution for many.

  16. salvatorecondegni says:

    use for anything videogame related. The site has codes, faqs, message boards, and game saves for just about every game ever made.

  17. Xkeeper says:

    I’m actually pretty curious that I haven’t stumbled upon any anti-virus tools that create a bootdisk that scans a Windows installation on any harddrive for viruses. Avast! is pretty good in that regard (you can schedule a boot time scan), but that requires you get the damn thing installed in the first place… and that isn’t always the case. A particularly nasty virus could always just hijack a virus scanner before it even gets going by taking over some required system functions.

    An externalized scanner that could be downloaded and burned from a seperate, secure PC would be great. Hm.

  18. faust1200 says:

    Even if you play by the rules, there’s still this: Microsoft has recently been silently installing an add-on into Firefox with their .NET framework updates that could allow unauthorized software to be installed. []

  19. ZManGT says:

    I just wanted to let everyone know of one of the greatest programs I have ever seen that gets rid of Malware. It’s called Malwarebytes and is available at [] Great program and they have a forum where you can post your problems and they will work with you to get it resolved. Really top notch.

    I sound like a spokesmen for them but really they have saved me alot of time with their program so I wanted to promote them.