'Shady' porn site practices put visitors at risk

2010-06-11 07:02:13

Visitors to porn sites are at serious risk of being exploited by cyber criminals, a study has suggested.

It found that many sites harboured malware or used "shady" practices to squeeze money out of their visitors.

By creating their own porn sites researchers found that many consumers were vulnerable to known bugs and vulnerabilities.

Competition among porn sites makes the online adult industry ripe for abuse by hi-tech criminals.

"They have almost inadvertently created a whole ecosystem that's easy to abuse for cyber crime on a large scale," said Dr Gilbert Wondracek, a computer security expert from the International Secure System Lab, which led the study.

Hidden danger

Dr Wondracek said the team embarked on the study to find out the truth of the widely held view that porn sites are dangerous to visit.

"There are studies looking at the profitability and economics of the industry but we are the first to come at it from a security and more technical point of view," he said.

Statistics suggest that approximately 12% of all websites offer pornography of one sort or another and that 70% of men under 24 browse these sites.

As a first step the researchers trawled pornographic sites to classify what they found and how the industry was structured.


The big distinction was between free sites and those that charge for access.

Typically pay sites produce content they give to free sites to drum up traffic.

More than 90% of the 35,000 pornographic domains analysed in the study were free sites.

The researchers analysed the 269,000 websites hosted on the 35,000 domains to see which hosted malicious software. About 3.23% of these sites were booby-trapped with adware, spyware and viruses.

Many others used "shady" practices to keep visitors onsite. These included JavaScript catchers that made it hard for people to leave a page.

Others use scripts that re-direct visitors so when they click on a link they do not see the video or image they were expecting but are passed to an affiliate site.

The vast majority of sites engage in this trading of traffic or clicks, said Dr Wondracek.

"Visitors are being abused as click bots," he said.

As most sites were free, the only resource they could exploit as a revenue source was this traffic.

"It's cut-throat competition," said Dr Wondracek. "Everybody tries to get as much traffic as possible."

Finding victims

Traffic is used in many different ways. Popular sites sell it to those looking for an audience, some is used to direct visitors to affiliates who provide content and sometimes it is used to boost rankings in search engine indexes.

It could also be a great way for hi-tech criminals to get a ready source of victims, said Dr Wondracek.

To test this idea the researchers created two adult sites of their own, populated them with free content from porn producers and spent $160 (£108) to get traffic piped to these sites.

Analysis of the 49,000 visitors sent to their sample sites showed that 20,000 were using a computer and browser combination that was vulnerable to at least one known exploit.

"As an attacker you want to make your life easier," said Dr Wondracek. "If you can have these 20,000 people come to a place instantly, why not?"

With many porn sites appearing in the top 100 most popular sites on the web this could mean that huge numbers of people are caught out when they browse for adult content.

While relatively few porn sites were infecting visitors, it is difficult to spot good from bad, he said.

"For the average user it might be hard to tell an honest porn site from a dishonest porn site until you click on something," he said.

Dr Wondracek recommended that anyone visiting porn sites keep their security software up to date and use the "safe browsing" modes found in many browsing programs.

The researchers presented their results at the Workshop on the Economics of Information Security held at Harvard from 7-8 June.