Users may be wary about malware embedded in gambling and porn sites, but one researcher is warning that simple, benign searches could land them in heaps of trouble.

Roger Thompson, a security researcher at Exploit Prevention Labs, reported that users doing online searches can easily stumble upon malicious Web sites -- normally legitimate sites that hackers have broken into to embed malicious code. Thompson is posting the problematic search terms on his blog.

"Mostly we do it because we find it fascinating to see what innocent things can get you into trouble," said Thompson in an e-mail to InformationWeek. "However, it is important for everyone to understand that you can get into trouble without visiting obviously dangerous Web sites. Lots of people think that because they don't surf to places like adult Web sites, they are perfectly safe, and that is not the case."

Thompson has reported that search terms like "Arches National Park," "air disasters in Florida," and "blue book" all call up links to pages that have malicious code embedded in them. Thompson noted in one blog entry that searching for "blue book" calls up a malicious Web site, not associated with the real Kelley Blue Book auto-pricing site. When searching for "air disasters in Florida," a wrong answer can lead users to a site with a WebAttacker 2 exploit. The same goes for "Arches National Park."

"It's certainly not a case of 'run for the hills,' but people need to be sensible because the bad guys are working hard at this stuff," said Thompson. "Firewalls keep worms out just fine, mostly, but e-mail passes through the firewall, and so does the Web browser. The bad guys understand this, and use automated tools to infect large numbers of innocent Web sites in a short amount of time."

The researcher noted that a year or two ago, a Turkish hacking group claimed a world record for defacing 38,500 Web sites in a single day. "Now, they defaced the Web sites, but they could just as easily have infected the Web sites," Thompson added. "This is the sort of thing that happened over the weekend with mass infections of Italian Web sites. Of course, lots of them get cleaned up quickly, but then some more take their place."