If celebrity searching has become something of an online sport, the extreme games version has to be naked celebrity searching. Not least because the promise of a naked Lindsay Lohan or Sandra Bullock could land you in some very dangerous territory indeed. Stick with me, and I’ll try to explain.

We all know that hackers love to compromise perfectly legitimate websites and use them to hide malicious payloads and scams under the radar as it were. Now the eSoft Threat Prevention Team has detected a new scam which would appear to involve more than 3000 websites.

And the naked Lindsay Lohan connection? Well eSoft CTO Patrick Walsh told me earlier today that the attackers in this case are “going after nearly every celebrity you can imagine from Sandra Bullock to Lindsay Lohan and hundreds of others” by primarily targeting pornographic search terms. The bad guys are using poisoned keyword searches that involve naked celebrities and porn stars, sex parties and some stuff that I cannot mention here for fear of breaking our own rules on being offensive.

The thing is you can innocently search for Lindsay Lohan nude, well as innocently as any search ever can be of course, and end up courtesy of these poisoned results on some page hosting a rogue anti-virus scam. Patrick Walsh explains that “Hackers create networks of hacked and fake sites that link to a target site. These links cause the search engines to think the target site is popular and to move it higher in the search results.  The terms used in and around the links determine the keywords that lead to the search result. In this way, hackers get people to click through to their target site, which is typically malicious.”

In the case of this current attack, most of the infected pages would appear to be pushing people in the direction of some rogue anti-virus scam going by the name of Antivirus Plus. eSoft reckons that, based on the variety of platforms and web servers involved, that the sites would have been compromised thanks to the use of stolen FTP credentials.

It’s not the first time that naked celebrities have been abused by the bad guys, most often they are favoured subject lines for spammers and can also be found luring punters to non-existent videos that trigger malware downloads in the guise of player and codec software updates. It’s not the first time that rogue anti-virus software has reared its very ugly, and very expensive, head either. Nor is it a debut for poisoned SEO tactics, or even obfuscated JavaScript and compromised host sites. However, it is the first time I’ve come across this particular combination all being used together in such a compromise and impacting upon so many separate websites.

My advice? Think twice before searching for naked celebrities you loser.

My other advice? Make sure you have up to date Internet security software installed, don’t respond to ‘pop-up’ security alerts from software you’ve never heard of and have never installed nor asked to scan your computer, and if you run a website secure your FTP passwords and regularly scan all nooks and crannies of the site for stuff that you never put there.

And still think twice before searching for naked celebrities you loser…