We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Child porn targeting forums using web script

Sophos says Java-based content is to blame

Child pornography is being injected into web forums by hackers using Cross Site Scripting (XSS), a technique typically deployed to distribute malware.

According to Sophos principal virus researcher Fraser Howard, the attacks occur because many websites allow Java-based content on their forums, or do not require adequate user authentication for posting.

"Some of the same techniques that malware authors use in order to infect victims with malware are being used to distribute links and drive traffic to all sorts of web content," Howard said.

"The attack targets legitimate message boards with hidden links to direct users to child pornography sites, and was even found on a site designed for children.

"Web hosts must deploy web filters which filter based on website categorisation, and inspect the code of every linked website prior to granting user access," Howard said.

"All user content must be screened prior to posting because any unprotected website can be targeted by cyber-criminals trying to spread malicious content."

Sophos has reported the targeted sites to online content regulator the Internet Watch Foundation.

www.computerworld.com.au


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

Why you shouldn't buy your gadgets at launch: Wait and pick up a bargain

IDG UK Sites

Artist creates a geometric rave in a chapel for The House of St Barnabus

IDG UK Sites

Mac mini (Late 2014) 1.4 GHz review: Mac mini is sort of upgradable, but is it any good as it is?