'Shady' porn site practices put visitors at risk

Neon sign outside sex shop, BBC Intense competition means porn sites compete for visitors

Related Stories

Visitors to porn sites are at serious risk of being exploited by cyber criminals, a study has suggested.

It found that many sites harboured malware or used "shady" practices to squeeze money out of their visitors.

By creating their own porn sites researchers found that many consumers were vulnerable to known bugs and loopholes.

Competition among porn sites makes the online adult industry ripe for abuse by hi-tech criminals.

"They have almost inadvertently created a whole ecosystem that's easy to abuse for cyber crime on a large scale," said Dr Gilbert Wondracek, a computer security expert from the International Secure System Lab, which led the study.

Hidden danger

Dr Wondracek said the team embarked on the study to find out the truth of the widely held view that porn sites are dangerous to visit.

"There are studies looking at the profitability and economics of the industry but we are the first to come at it from a security and more technical point of view," he said.

Statistics suggest that approximately 12% of all websites offer pornography of one sort or another and that 70% of men under 24 browse these sites.

As a first step the researchers trawled pornographic sites to classify what they found and how the industry was structured.

Start Quote

For the average user it might be hard to tell an honest porn site from a dishonest porn site”

End Quote Dr Gilbert Wondracek International Secure System Lab

The big distinction was between free sites and those that charge for access. Typically pay sites produce content they give to free sites to drum up traffic.

More than 90% of the 35,000 pornographic domains analysed in the study were free sites.

The researchers analysed the 269,000 websites hosted on the 35,000 domains to see which hosted malicious software. About 3.23% of these sites were booby-trapped with adware, spyware and viruses.

Many others used "shady" practices to keep visitors onsite. These included javascript catchers that made it hard for people to leave a page.

Others use scripts that re-direct visitors so when they click on a link they do not see the video or image they were expecting but are passed to an affiliate site.

The vast majority of sites engage in this trading of traffic or clicks, said Dr Wondracek.

"Visitors are being abused as click bots," he said.

As most sites were free, the only resource they could exploit as a revenue source was this traffic.

"It's cut-throat competition," said Dr Wondracek. "Everybody tries to get as much traffic as possible."

Finding victims

Traffic is used in many different ways. Popular sites sell it to those looking for an audience, some is used to direct visitors to affiliates who provide content and sometimes it is used to boost rankings in search engine indexes.

It could also be a great way for hi-tech criminals to get a ready source of victims, said Dr Wondracek.

To test this idea the researchers created two adult sites of their own, populated them with free content from porn producers and spent $160 (£108) to get traffic piped to these sites.

Analysis of the 49,000 visitors sent to their sample sites showed that 20,000 were using a computer and browser combination that was vulnerable to at least one known exploit.

"As an attacker you want to make your life easier," said Dr Wondracek. "If you can have these 20,000 people come to a place instantly, why not?"

With many porn sites appearing in the top 100 most popular sites on the web this could mean that huge numbers of people are caught out when they browse for adult content.

While relatively few porn sites were infecting visitors, it is difficult to spot good from bad, he said.

"For the average user it might be hard to tell an honest porn site from a dishonest porn site until you click on something," he said.

Dr Wondracek recommended that anyone visiting porn sites keep their security software up to date and use the "safe browsing" modes found in many browsing programs.

The researchers presented their results at the Workshop on the Economics of Information Security held at Harvard from 7-8 June.

More on This Story

Related Stories

FROM OTHER NEWS SITES
Times Online Pornographers and parents should unite - 20 hrs ago
Macworld Adult Web sites lure cybercrime victims - 21 hrs ago
NetworkWorld Online porn users take huge risks, study finds - 25 hrs ago

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • RihannaCloud caution

    After celebrity leaks, what can you do to safeguard your photos?


  • Cesc FabregasFair price?

    Have some football clubs overpaid for their new players?


  • Woman and hairdryerBlow back

    Would banning high-power appliances actually save energy?


  • Rack of lambFavourite feast

    Is the UK unusually fond of lamb and potatoes?


  • Members of staff at James Stevenson Flags hold a Union Jack and Saltire flag UK minus Scotland

    Does the rest of the UK care if the Scots become independent?


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.