Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Monday, May 21, 2012

Why is SEP the number one vector for malware?

SEP (Search Engine Poisoning) is the number one vector for malware according to Blue Coat's 2012 Web Security Report. More people attempted to access malware through SEP than through any other method in 2011. Blue Coat also writes a lot about SEP in their security blog. SEP remains a popular choice among hackers for several reasons: the breadth of reach (everyone uses search engines), how easy it is to infect search engine results, and the likelihood that the end-user will trust an infected search result, select it, and get infected as a by-product.

One of the interesting things about Blue Coat's research is that celebrity searches and "big event" searches aren't nearly as dangerous as common search terms. The reason is that celebrity and "big event" searches have an overwhelmingly large repository of "good results" to choose from, so it's unlikely a cyber criminal will get a hit. A common everyday search may have fewer results, which makes it easier for a hacker to get a result on the primary results page.

So what's the solution to SEP? Obviously an up-to-date web security gateway with real-time rating helps, but user training is also important. Users need to understand what a bad URL looks like and what a shady site looks like, and they need to learn not to ignore warnings generated by the secure web gateway or their browser. It may even help to use a safe search tool like k9safesearch.com in place of regular search engines.
