We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,785 News Articles

Child porn targeting forums using web script

Sophos says Java-based content is to blame

Child pornography is being injected into web forums by hackers using Cross Site Scripting (XSS), a technique typically deployed to distribute malware.

According to Sophos principal virus researcher Fraser Howard, the attacks occur because many websites allow Java-based content on their forums, or do not require adequate user authentication for posting.

"Some of the same techniques that malware authors use in order to infect victims with malware are being used to distribute links and drive traffic to all sorts of web content," Howard said.

"The attack targets legitimate message boards with hidden links to direct users to child pornography sites, and was even found on a site designed for children.

"Web hosts must deploy web filters which filter based on website categorisation, and inspect the code of every linked website prior to granting user access," Howard said.

"All user content must be screened prior to posting because any unprotected website can be targeted by cyber-criminals trying to spread malicious content."

Sophos has reported the targeted sites to online content regulator the Internet Watch Foundation.

www.computerworld.com.au


IDG UK Sites

Google Fit vs Apple Health Kit: What's the difference?

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Introducing generation tech

IDG UK Sites

This animated film reveals the importance of designing for everyone