Adult Web Sites Lure Cybercrime Victims

Porn surfers are likely to have out-of-date software that can be exploited, making those users an attractive target for cybecriminals, according to a study.

The researchers believe their study is the first to look at the security risks of visiting online pornography Web sites rather than the economics of the online sex industry.

They studied thousands of adult Web sites and analyzed their security risks, finding that they pose more of a risk to surfers than the Web at large. "We found a relatively large number of Web sites that use questionable methods and techniques that can best be described as 'shady,'" the researchers wrote.

A major problem is that most adult Web sites are very low-margin businesses run by people unlikely to invest in technologies to properly defend their sites against hackers, said Gilbert Wondracek, a research fellow at the International Secure Systems Lab in Vienna and one of the study's authors.

"It's cut-throat competition," Wondracek said.

More than a third of adult Web sites that do not charge for content contained some type of activity that sought to mislead or misdirect visitors. One technique is including a JavaScript "catcher" that hijacks a Web browser, making it difficult for a visitor to exit a particular Web site.

Other free sites had blind links, which means a user can't see the destination site in the browser when hovering over a link. Of the pay sites, 10.9 percent had blind links compared to 26.2 percent for free sites.

"This is problematic, as it not only leaves the user unaware of the link's destination, but could also potentially be used to mask malicious activities such as cross site scripting (XSS) or cross site request forgery (CSRF) attacks," the study said.

More than 3 percent of the 35,000 adult Web sites analyzed by the researchers triggered malicious behavior such as code execution, registry changes or drive-by executable downloads, including spyware and Trojan horse programs.

To gain more data about who visits adults Web sites, the researchers built two adult Web sites of their own. They then paid two services to direct visitors to their Web sites.

Those visitors were profiled by looking at Web server logs, the user-agent string of visitors' browsers, which includes information on the version numbers for browser plugins.

They specifically focused on whether three plugins were up to date: Adobe Systems' Flash Player and PDF programs and one related to Microsoft's Office program.

"These three plugins had seven vulnerabilities in the recent past, and an attacker can buy toolkits that exploit these vulnerabilities to compromise a visitor," the study read.

Since many adult Web sites use Flash, visitors are likely to have the plugin -- which has had many security issues -- installed, Wondracek said. On Thursday, Adobe rushed out a fix for a vulnerability in Flash Player that had been actively exploited by hackers over the last week or so.

The researchers paid three traffic brokers at total of US$161.84 to direct 49,000 visitors with IP addresses in the U.S. and Europe to their two Web sites. More than 20,000 of those visitors "had a least one vulnerable component installed and more than 5,700 visitors had multiple vulnerable components," the study said.

"If we were the bad guys, we could have infected all of them with malware," Wondracek said.

The researchers concluded that it only takes a small investment in order to potentially infect thousands of computers with malicious code, and that adult Web site operators "have business models based on very questionable practices."

Pornographic Web sites account for about 12 percent of all Web pages on the Internet.

The study was authored by Wondracek along with Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel.

Send news tips and comments to jeremy_kirk@idg.com

Subscribe to the Daily Downloads Newsletter

Comments