Internet search engines are now one of the commonest means by which malware spreads, a new study has suggested.

The study carried out by McAfee’s spyware expert Ben Edelman using the company’s SiteAdvisor tool, analysed common searches on all the Net’s major search engines, Google, Yahoo, MSN, AOL and Ask.

The results make sobering reading. Between January and April of this year, all surveyed engines returned numerous sites that could be classified as “risky”. At times the risky site percentage reached 72 percent of returned sites for apparently innocuous searches such as “free screensavers,” “digital music,” and ”popular software.”

MSN emerged as the best of the bunch with 3.9 percent of risky sites returned overall, with Google on 5.3 percent and Ask the worst at 6.1 percent.

The report claims US consumers are now making 285 million clicks to hostile sites each month as a result of search engines alone, a figure which is an extrapolation of the estimated 5.7 billion searches made by the US population over the same period.

Sponsored links – the commercial frontline for search engines – were particularly prone to malware subversion, returning between two and four times as many risky sites as unsponsored links.

The results held true, regardless of which page was analysed. Page one results were only moderately safer than page 2-5 searches.

"As we look at the web, we see many instances when search engines lead users to dangerous content,” the report says. "Our analysis of search engine safety finds bad practices among 5 percent of search results for popular keywords, or roughly one site per page of search results."

McAfee lays the blame on the way search engines are designed to earn as much money as possible from searches - without considering the implications of malware evolution.

"Profit motivations have shifted search engines' ranking methodologies. Prominent results often reflect solely a site's willingness to pay rather than its quality, relevance, or safety," it says. "Some analysis indicates that search engines make big money selling ads to untrustworthy of sites – many millions of dollars each year.”

The report cautions against reading the risk rates as low, rightly pointing out that becoming infected with even a single piece of malware can be disastrous for the average consumer.