Adult Web sites lure cybercrime victims

Jeremy Kirk | June 14, 2010
A new study shows that porn surfers often have out-of-date software that can be exploited on the cheap

LONDON, 11 JUNE 2010 - Porn surfers are likely to have out-of-date software that can be exploited, making those users an attractive target for cybercriminals, according to a study.

The researchers believe their study is the first to look at the security risks of visiting online pornography Web sites rather than the economics of the online sex industry.

They studied thousands of adult Web sites and analyzed their security risks, finding that they pose more of a risk to surfers than the Web at large. "We found a relatively large number of Web sites that use questionable methods and techniques that can best be described as 'shady,'" the researchers wrote.

A major problem is that most adult Web sites are very low-margin businesses run by people unlikely to invest in technologies to properly defend their sites against hackers, said Gilbert Wondracek, a research fellow at the International Secure Systems Lab in Vienna and one of the study's authors.

"It's cut-throat competition," Wondracek said.

More than a third of adult Web sites that do not charge for content contained some type of activity that sought to mislead or misdirect visitors. One technique is including a JavaScript "catcher" that hijacks a Web browser, making it difficult for a visitor to exit a particular Web site.

Other free sites had blind links, which means a user can't see the destination site in the browser when hovering over a link. Of the pay sites, 10.9 per cent had blind links compared to 26.2 per cent for free sites.

"This is problematic, as it not only leaves the user unaware of the link's destination, but could also potentially be used to mask malicious activities such as cross site scripting (XSS) or cross site request forgery (CSRF) attacks," the study said.

More than 3 percent of the 35,000 adult Web sites analyzed by the researchers triggered malicious behavior such as code execution, registry changes or drive-by executable downloads, including spyware and Trojan horse programs.

To gain more data about who visits adult Web sites, the researchers built two adult Web sites of their own. They then paid two services to direct visitors to their Web sites.

Those visitors were profiled using Web server logs and the user-agent strings of their browsers, which include information on the version numbers for browser plugins.

They specifically focused on whether three plugins were up to date: Adobe Systems' Flash Player and PDF programs and one related to Microsoft's Office program.

"These three plugins had seven vulnerabilities in the recent past, and an attacker can buy toolkits that exploit these vulnerabilities to compromise a visitor," the study read.

Since many adult Web sites use Flash, visitors are likely to have the plugin -- which has had many security issues -- installed, Wondracek said. On Thursday, Adobe rushed out a fix for a vulnerability in Flash Player that had been actively exploited by hackers over the last week or so.

