Internet users accessing pornographic sites usually do not update their software properly, making them a great target for cybercriminals, says a study by researchers at the University of Santa Barbara, the Secure Systems Lab and the Institute eurecom.
The survey's authors believe to be the first to study the risks of security for access to pornographic sites, instead of looking only for an economic bias. We analyzed thousands of websites with adult content and came to the conclusion that they are more dangerous than the internet in general.
"We found a relatively large number of these pages that use questionable methods and techniques that, at best, could be described as bleak," says the document.
According to Gilbert Wondracek of Secure Systems Lab, one of the main problems is that most of these sites is managed by companies with low profit margins, preventing investment in technology to protect your product from hackers. "And the competition is very high," he says.
More than a third of the portals pornographic material that does not contain charged by some kind of deception that tried to trick the user. One of the methods used included a sort of collector JavaScript, which hijacked the browser and made it difficult for certain window was closed.
Some had hidden links, or by pointing to one, the address to which the Internet user would be directed not appear. In the paid sites, 10.9% employ this ruse, the free rate rises to 26.2%.
"This is very problematic, since it not only leaves the user unaware of the destination address, mask malicious activity as well as cross-site scripting attacks (XSS) and cross site request forgery (CSRF)," says the study.
Dangerous activity
More than 3% of adult content portals surveyed unleashed malicious attacks, such as improper code execution, registry changes and file downloads are not required, including spyware.
To get more data on those who visit such sites, the researchers built on their own, two, three and paid services to Internet users were directed to pages created. These visitors were surveyed from Web server logs, which included information about the versions of the programs related to the browser.
Specifically, three software had special attention: the Flash Player , Adobe programs, PDF and Microsoft Office suite.
"Together, they account for seven vulnerability s in the recent past, and a criminal can buy tools that exploit these flaws and compromise the machine of visitors, "says the study.
The authors spent $ 161.84 with the three services of brokers hired to direct traffic 49 000 Internet users in Europe and the United States to their sites. Over 20,000 of these users had at least one vulnerability in your computer s and more than 5700 had more than one.
"If we were hustlers, we would have harmed thousands of Internet users," says Wondracek.
Thus, the researchers concluded that, with a small investment, you can infect thousands of machines with malicious code, and that the portals have adult content "business models based on very dubious practices."
Finally, it is important to note that around 12% of all web pages are dedicated to this type of material.
