Porn websites pose malware risk, says researcher
Browsing popular pornography internet sites pose a growing risk of malware infection, according to a security researcher
Browsing popular pornography internet sites pose a growing risk of malware infection, according to a security researcher.
A year ago, Symantec found that, contrary to popular belief, only 2.4% of porn sites were infected, but a new study shows that figure has since risen to around 40%.
Not all businesses block access to such sites, but the latest study suggests there is an increasing need to do so to protect corporate networks from malware infections.
Researcher Conrad Longmore analysed metrics for 10 popular pornography sites to calculate the probability of contracting malware from visiting each site.
While six posed a zero risk rating, four scored risk ratings from 2% to 53%, with xhamster and pornhub.com taking the top two spots.
Longmore noted it is not the websites themselves that are to blame, but adverts displayed by the sites that are installing malicious software on computers without users’ knowledge.
Read more about malvertising
- Malvertisements: Mitigating malicious advertisement malware
- Who is responsible for blocking malvertisments?
- Malvertising, pop-up ad virus problems demand more user protection
- Google site tackles malware advertising
- Twelve nations collaborate to shut down international scareware cyber crime rings
- Spotify hit by malicious ads
The study found that, while most of the malware targeted users of Microsoft’s Windows operating system (OS), cyber criminals are also targeting mobile OSs.
The greatest risk, said Longmore, comes from external sites such as crakmedia.com, trafficjunky.net, traffichaus.com, and others. This means that all websites are potential targets.
“These too are intermediaries being abuse by third parties, but this is part of the problem with poorly regulated banner ads and traffic exchangers,” he said.
Longmore believes a culture of users being afraid to make a fuss means many instances of malicious advertising or “malvertising” go unreported.
Sites should put a quick reporting mechanism to flag up malicious ads and ad networks should also take some responsibility, he told the BBC.
Analysis of the malware infection through porn sites, said Longmore, emphasises the importance of ensuring all security updates for operating systems and applications are applied regularly.
He also recommends using up-to-date antivirus software and inherently more secure browsers such as Chrome.
“If you have Java then you should probably uninstall that as it is one of the most popular vectors for infection,” he said.
Many businesses are migrating away from Java due to the level of vulnerabilities in the Java Runtime Environment (JRE), according to Veracode’s latest State of Software Security report.
“Lot of enterprises are transitioning out of Java. There are lots of zero-day vulnerabilities, almost all of which allow malicious code execution,” said Chris Eng, vice-president of research at Veracode.
More on malvertising
More on Java
How to secure Java amid growing Java security vulnerabilities
Consider disabling Java as malware targets JRE vulnerabilities
Oracle and Apple release Java security updates
2013 Java trends: The cloud floats into Java application development
Java mobile application trends for 2013
Five quick Java programming tips for junior software developers