
Cybercriminals exploit those looking for porn on the web

Visitors to adult sites often have out-of-date software

Web users looking on the net for porn are likely to have out-of-date software that can be exploited, making them an attractive target for cybercriminals.

Researchers behind a recent study believe theirs is the first to look at the security risks of visiting online pornography websites rather than the economics of the online sex industry.

They studied thousands of adult websites and analysed their security risks, finding that they pose more of a risk to surfers than the web at large.

"We found a relatively large number of websites that use questionable methods and techniques that can best be described as 'shady'," the researchers said.

A major problem is that most adult websites are very low-margin businesses run by people unlikely to invest in technologies to properly defend their sites against hackers, said Gilbert Wondracek, a research fellow at the International Secure Systems Lab in Vienna and one of the study's authors.

"It's cut-throat competition," Wondracek said.

More than a third of adult websites that do not charge for content contained some type of activity that sought to mislead or misdirect visitors.

One technique is including a JavaScript 'catcher' that hijacks a web browser, making it difficult for a visitor to exit a particular website.

Other free sites had blind links, which means a user can't see the destination site in the browser when hovering over a link. Of the pay sites, 10.9 percent had blind links compared to 26.2 percent for free sites.

"This is problematic, as it not only leaves the user unaware of the link's destination, but could also potentially be used to mask malicious activities such as cross site scripting (XSS) or cross site request forgery (CSRF) attacks," the study said.

More than three percent of the 35,000 adult websites analysed by the researchers triggered malicious behavior such as code execution, registry changes or drive-by executable downloads, including spyware and Trojan horse programs.

To gain more data about who visits adult websites, the researchers built two adult websites of their own. They then paid two services to direct visitors to their websites.

Those visitors were profiled by looking at web server logs and the user-agent string of visitors' browsers, which includes information on the version numbers for browser plugins.

They specifically focused on whether three plugins were up to date: Adobe Systems' Flash Player and PDF programs and one related to Microsoft's Office program.

"These three plugins had seven vulnerabilities in the recent past, and an attacker can buy toolkits that exploit these vulnerabilities to compromise a visitor," the study read.

Since many adult websites use Flash, visitors are likely to have the plugin - which has had many security issues - installed, Wondracek said.

On Thursday, Adobe rushed out a fix for a vulnerability in Flash Player that had been actively exploited by hackers over the last week or so.

The researchers paid three traffic brokers a total of US$161.84 to direct 49,000 visitors with IP addresses in the US and Europe to their two websites.

More than 20,000 of those visitors "had at least one vulnerable component installed and more than 5,700 visitors had multiple vulnerable components," the study said.

"If we were the bad guys, we could have infected all of them with malware," Wondracek said.

The researchers concluded that it only takes a small investment in order to potentially infect thousands of computers with malicious code, and that adult Web site operators "have business models based on very questionable practices."

Pornographic websites account for about 12 percent of all web pages on the internet.

The study was authored by Wondracek along with Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel.
