Criminals hosting child pornography on 227 business websites

Businesses' website are being illegally hijacked to forcibly store child pornography, according to the Internet Watch Foundation (IWF), in what security researchers believe could be a ransomware scam.

IWF technical researcher Sarah Smith uncovered the alarming trend after 227 small to medium-sized businesses, including a furniture store, reported falling victim to the attack.

She explained that the hack caused unsuspecting web users looking at legal adult content to be forcibly redirected to the business sites hosting the images.

"We hadn't seen significant numbers of hacked websites for around two years, and then suddenly in June we started seeing this happening more and more. It shows how someone, not looking for child sexual abuse images, can stumble across it," Smith said.

"The original adult content the internet user is viewing is far removed from anything related to young people or children."

The motivation for the attacks remains unknown, though Smith confirmed the IWF is tracking the movement of the attacks and is working to trace its origin.

"We've received reports from people distressed about what they've seen. Our reporters have been extremely diligent in explaining exactly what happened, enabling our analysts to retrace their steps and take action against the child sexual abuse images. Since identifying this trend we've been tracking it and feeding into police forces and our sister hotlines abroad," she said.

F-Secure security analyst Sean Sullivan told V3 the attack is likely the first stage in a wider campaign. "If this is in any way prevalent, I would suspect it is part of a ransomware or blackmail scheme," he said.

"From what I've read, malware is also pushed by the 'orphan' folder on the hacked site. And then – if a ‘police' ransomeware notification shows up a week later demanding that the victim pay a fine – I would very strongly doubt that the victim will seek tech support help, because they'll have seen an obscene image recently.

"The only other motivation that I can think of is some elaborate plot to publicise the need for a UK porn filter as 'porn' can lead to child abuse images. But I don't see why somebody would do that, as the government is already moving in that direction."

Independent security expert Graham Cluley mirrored Sullivan's sentiment confirming that the evidence suggests the attacks are not designed just to spread child pornography.

"I think it is unlikely that the offending images have been planted on the legitimate websites for the purposes of delivering the illegal content to paedophiles. It just doesn't seem plausible to me, and the chances for being discovered are too great," he wrote.

"Wouldn't it be an altogether more convincing and successful scam if the victims had been visiting adult websites, and found themselves unexpectedly looking at child abuse images? What better way to scare someone into paying a ransom than to tell them that they have been spotted accessing child pornography?

"Many people who receive a message like that would be petrified of contacting the police to check if it's true, or taking your PC down to the local computer store to be checked over."

Ramsomware is a dangerous form of malware that locks victims' computers and instructs them to pay a "fine" to have them unlocked. The malware has been a growing problem for firms, with new scams appearing on a near daily basis. Most recently ransomware posing as the US Department of Homeland Security and FBI were uncovered targeting unwary web users.

• Tweet  
• Facebook  
•  
•  
• Save this article  
• Send to  

• Topics
• Security
• Web
• malware
• Hacking
• cyber-crime