Fans searching for Brad Pitt, Brad Pitt downloads, and Brad Pitt wallpaper, screen savers and pictures were shown to have an 18 per cent chance of having their PCs infected with online threats, such as spyware, spam, phishing, adware, viruses and other malware.
Cybercriminals are using A-listers' names and images, like Beyonce and Justin Timberlake, to lure internet users who surf the web for the latest gossip, screen savers and ringtones to fake websites that look legitimate.
McAfee's report showed that actors Brad Pitt and Justin Timberlake are the most dangerous men to seek on the internet, while Beyonce and Heidi Montag top the list for women. Paris Hilton, who was 2007's most dangerous celebrity, is noticeably absent from this year's list. Also absent is Britney Spears who was ranked no.4 in 2007.
The reason for this change is not surprising: cybercriminals will use the most effective bait to lure unsuspecting web users. Given the comparatively short shelf-life and the of many celebrities, and the way they move in and out of fashion, those trying to create online havoc have to keep up with who's hot and who’s not and make sure they’re using the most enticing names.
The last McAfee study on dangerous celebrities showed that Paris Hilton, Amy Winehouse and Cristiano Ronaldo were the people who posed the greatest threat, which is unsurprisingly driven by their popularity at the time and they way this interest drove people to look for them on the web.
It's certainly no coincidence that Paris Hilton's time at the top of the list of risky cyber-celebs was when her time in jail in the real world was putting her on the front pages of the tabloids and everyone wanted to know what would happen next.
These findings are interesting for anyone with a desire to know all that's going on in the lives of the rich and famous but also highlight how social engineering continues to be the top tactic deployed by those wishing to trick people into opening infected attachments and downloading malware files. It's a simple trick but one that is easy to fall for if you’re not expecting it: "this is something you want, open it... ha ha, got you!".
These days, celebrities play a leading role in the media: not only are their lives and loves covered in-depth in a range of publications but their images have become an industry in their own right. From ringtones, to screensavers, to videos and images, there's something for everyone. Our desire to get as close to the famous objects of our affection can easily put us at risk, particularly if our curiosity is stronger than our in-built sense of caution.
This trend was seen to evolve earlier in the year when a group of spammers moved away from trying to trick people into clicking links by claiming they were of images relating to real life events to making up their own over-dramatised version of reality.
Subject lines used by this group, aimed at those interested in everything from celebrities to politics, include "Britney found hanged in locker room", "Eiffel Tower damaged by massive earthquake" and "Lastest! Obama quits presidential race". This social engineering technique plays on people’s inquisitiveness in news of natural disasters and celebrities. The emails also follow the simple format of some text and a link that looks fairly harmless to the uneducated user.
Of course, social engineering, the art of tricking people into doing something by dressing it up as something else, is nothing new. In February 2001, one of the biggest examples of celebrity-based social engineering was witnessed, when the Anna Kournikova virus hit email users across the globe.
People were tricked into opening an attachment that claimed to contain pictures of the well-known tennis star but on doing so, there were no photographs - just malicious code that infected machines and spread to others, clogging up email servers in the process.
This internet-based email worm, while not the kind of thing we continue to see so often these days, really showed how our interest in celebrities could be leveraged by those trying their hardest to ensure that their malicious code created as much of a stir as possible.
Obviously, the world of celebrity is a fickle one and the Russian tennis player is no longer the celebrity everyone wants to know about. As a result, sending out malicious code disguised as an image of her will have considerably less impact than if it is claimed that they are images of the person on the front of every tabloid paper.
Cyber criminals know our weak spots, from our interest in celebrities to our desire to be rich, feelings of sympathy for those in trouble, and will turn them to their advantage in order to have the desired impact, whether that's tricking us into getting infected, giving out personal information, or replying to or forwarding an email.
So what does this really mean? Well whether celebrities, sport or politics are your passion, the internet is an incredible source of information. All these topics have been used by the perpetrators of cyber crime to try to achieve their goals but that doesn't mean that the internet has to cease being the preferred source for the latest stories and pictures.
What this does mean is that some consideration is required before clicking to download or open files, or giving away information requested, even if it's come in an email that seems to be personal to you.
It can be hard to tell from looking at a website whether it is legitimate or not, but there are systems which evaluate the reputation of a site when you search for a particular topic in a search engine, giving it a rating, depending on how safe it is.
Traditional security tools will also help to protect you, alerting you to any malicious files when you try to download them and anti-spam technology will block much of the internet junk mail that could have sinister ulterior motives.
There's also a need to think about what you're doing and to be just a little bit cynical - while threats like the Anna Kournikova virus are few and far between these days, if you get an email telling you do download something, send your information or respond, and it's not a message that you expected, then err on the side of caution and ignore it.
