Search engine poisoning, social networking scams and fake anti-virus have been the top security threats in 2011 so far, according to security vendor Sophos. All three rely on social engineering to achieve their aims.
"High-profile hacking attacks against governments and corporations have dominated the security landscape in 2011," says the company's Security Threat Report: Mid-Year 2011, but security issues that could pose a greater threat to businesses, governments and consumers are receiving far less attention.
"Web threats -- such as fake antivirus and SEO poisoning -- continue to be the top vehicle for malware attacks this year," the report says.
Search engine poisoning is the label for various search engine optimisation (SEO) techniques used to manipulate search engine results with malicious intent.
"Black Hat SEO techniques stuff legitimate websites with content designed to rank highly in search engine results and then silently redirect users to malicious sites," says the report. "The compromised results appear not just on regular web searches, but also on image searches."
"Black Hat SEO attacks are extremely effective," says Sophos. "A snapshot of the top malware we block on our customer web appliances shows that Black Hat SEO accounts for more than 30 percent of all detections."
The technique's success depends on a user's uncritical use of search engines to look for current news.
"The search engine is our gateway to the web. That’s why cybercriminals manipulate search results from sites such as Google, Bing and Yahoo to lure victims to their malicious pages," the report says.
Fake anti-virus remains a threat in 2011 after being one of the more persistent threats of 2010, says Sophos. "These attacks are now actively targeting Mac users," the company says.