The Link Between Porn and Malware
With just a minimal amount of money invested, a single operator of a pornographic website can infect more than 20,000 computers with malware, according to a recent academic study presented at the Workshop on the Economics of Information Security (WEIS 2010).
The researchers examined the online pornographic industry and traced significant amounts of malicious activity to porn websites.
“Common belief suggests that adult web sites tend to be more dangerous than other types of web sites, considering well-known web-security issues such as malware, or script based attacks,” the researchers said. “Our results verify this assumption, and in addition, we show that many adult web sites use aggressive marketing and advertisement methods that range from “shady” to outright malicious. They include techniques that clearly aim at misleading web site visitors and deceiving business partners.”
The team included researchers from from Secure Systems Lab, Technical University Vienna, Institute Eurecom, Sophia Antipolis and the University of California, Santa Barbara. The group established its own adult website and found it remarkably easy to make money and distribute malware.
“For example, we discovered that a malicious operator could infect more than 20,000 with a minimal investment of about $160,” the researchers said. “We conclude that many participants of this industry have business models that are based on very questionable practices that could very well be abused for malicious activities and conducting cyber-crime. In fact, we found evidence that this kind of abuse is already happening in the wild.”
After manually searching around 700 adult websites, the researchers developed an automatic tool to crawl through 269,566 URLs belonging to 35,083 porn sites. The researchers found that “free” pornographic websites were the most dangerous.
“For either economic role, we found a relatively large number of web sites that use questionable methods and techniques that can best be described as “shady,’” according to the researchers. “Unlike well-known web-based attacks and malicious activities (such as drive-by downloads), these practices directly aim at manipulating and misleading a visitor to perform actions that result in an economic profit for the web site operator. Overall, we found free sites to employ at least one of these techniques more often (34.2 percent) when compared to pay sites (11.4 percent).”
Related posts:
