Websites Hacked To Serve Up Child Abuse Images And Malware

Hundreds of complaints have been made about websites that have been compromised to link to child abuse images and malware, the Internet Watch Foundation (IWF) reported today.

It said 277 reports have been made about the problem in the last six weeks alone, and a spokesperson from the IWF told TechWeekEurope more reports had flooded in over recent days.

The attackers are breaking into many legal adult websites, inserting links to another hacked site, which will then download a folder containing child sex abuse images. Often, malware is concomitantly being downloaded onto victims’ machines.

Child abuse and malware

The images are the “worst of the worst”, typically involving children aged 0-2, being raped and sexually tortured.

“The hacked website and the adult websites have no idea this has gone on,” Emma Lowther, director of external relations for the IWF, told TechWeek.

“Your question might be, why would someone want to do this? The answer is we don’t know.

“What’s common is that when that folder of images is opened it also downloads malware, so we think it might be someone’s idea of how they might want to spread viruses.

“We don’t believe the people behind this really want to distribute images of child sexual abuse images to like minded people.”

IWF technical researcher Sarah Smith added: “We hadn’t seen significant numbers of hacked websites for around two years, and then suddenly in June we started seeing this happening more and more.

“Since identifying this trend we’ve been tracking it and feeding into police forces and our sister hotlines abroad.”

Pornography sites are often riddled with security threats and malware. In April, a researcher claimed hugely popular porn services like xhamster.com and pornhub.com posed serious problems for users, with almost a 50 percent chance of getting infected if visiting those websites.

But motivation in these attacks remains a mystery. Professor Alan Woodward, of the Department of Computing at the University of Surrey, suggested to TechWeek vigilantes could be behind the attacks, or even law enforcement. “Either way, an interesting development.”

Smith told TechWeek the files had to be clicked on to view the images and the name of the file made it fairly clear what was inside.

“That would suggest maybe they are going after people who use porn sites and might be tempted into kiddie stuff,” Woodward added. “CEOP [Child Exploitation & Online Protection Centre] were saying last time this came up that legal sites were being used with links that were ‘barely disguised’ links to illegal content.  Maybe they’re after people doing that.”

Sean Sullivan, security expert at F-Secure, said he suspected ransomware efforts, “using the illicit images to shakedown targets”.

What do you know about Internet security? Find out with our quiz!