• Home
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
  • Events
  • Whitepapers
  • Newsletters
  • Sign in
  • Events
    • Follow V3 Events

      Sign up to receive email alerts about our events

      Sign up
  • Whitepapers
    • V3resources 120x194
      Network Security Forensics For GDPR Compliance

      An effective network security forensics strategy can assist an organization in providing key compliance-related details as part of any post-incident GDPR investigation.

      Download
      V3resources 120x194
      10 ways to increase productivity with managed Office 365

      For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Data Strategy Spotlight
  • Sign in
  •  
    •  

      You are currently accessing V3 .co.uk via your Enterprise account.

      Personalise your on site experience

      Download and use the apps

      Access your subscription from outside of the office

      Get relevant news and insight straight to your inbox

      • Sign in
     
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
  • Follow us
    • RSS
    • Twitter
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
 
  •  

    You are currently accessing V3 .co.uk via your Enterprise account.

    Personalise your on site experience

    Download and use the apps

    Access your subscription from outside of the office

    Get relevant news and insight straight to your inbox

    • Sign in
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
V3.co.uk
  • Security

Criminals hosting child pornography on 227 business websites

Attackers could be planning ransomware cash grab against innocent web users

Computer bug
  • Alastair Stevenson
  • Alastair Stevenson
  • @MonkeyGuru
  • 06 August 2013
  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
0 Comments

Businesses' website are being illegally hijacked to forcibly store child pornography, according to the Internet Watch Foundation (IWF), in what security researchers believe could be a ransomware scam.

IWF technical researcher Sarah Smith uncovered the alarming trend after 227 small to medium-sized businesses, including a furniture store, reported falling victim to the attack.

She explained that the hack caused unsuspecting web users looking at legal adult content to be forcibly redirected to the business sites hosting the images.

"We hadn't seen significant numbers of hacked websites for around two years, and then suddenly in June we started seeing this happening more and more. It shows how someone, not looking for child sexual abuse images, can stumble across it," Smith said.

"The original adult content the internet user is viewing is far removed from anything related to young people or children."

The motivation for the attacks remains unknown, though Smith confirmed the IWF is tracking the movement of the attacks and is working to trace its origin.

"We've received reports from people distressed about what they've seen. Our reporters have been extremely diligent in explaining exactly what happened, enabling our analysts to retrace their steps and take action against the child sexual abuse images. Since identifying this trend we've been tracking it and feeding into police forces and our sister hotlines abroad," she said.

F-Secure security analyst Sean Sullivan told V3 the attack is likely the first stage in a wider campaign. "If this is in any way prevalent, I would suspect it is part of a ransomware or blackmail scheme," he said.

"From what I've read, malware is also pushed by the 'orphan' folder on the hacked site. And then – if a ‘police' ransomeware notification shows up a week later demanding that the victim pay a fine – I would very strongly doubt that the victim will seek tech support help, because they'll have seen an obscene image recently.

"The only other motivation that I can think of is some elaborate plot to publicise the need for a UK porn filter as 'porn' can lead to child abuse images. But I don't see why somebody would do that, as the government is already moving in that direction."

Independent security expert Graham Cluley mirrored Sullivan's sentiment confirming that the evidence suggests the attacks are not designed just to spread child pornography.

"I think it is unlikely that the offending images have been planted on the legitimate websites for the purposes of delivering the illegal content to paedophiles. It just doesn't seem plausible to me, and the chances for being discovered are too great," he wrote.

"Wouldn't it be an altogether more convincing and successful scam if the victims had been visiting adult websites, and found themselves unexpectedly looking at child abuse images? What better way to scare someone into paying a ransom than to tell them that they have been spotted accessing child pornography?

"Many people who receive a message like that would be petrified of contacting the police to check if it's true, or taking your PC down to the local computer store to be checked over."

Ramsomware is a dangerous form of malware that locks victims' computers and instructs them to pay a "fine" to have them unlocked. The malware has been a growing problem for firms, with new scams appearing on a near daily basis. Most recently ransomware posing as the US Department of Homeland Security and FBI were uncovered targeting unwary web users.

  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • Web
  • malware
  • Hacking
  • cyber-crime

V3 Latest

First plant to grow on the Moon, err, dies
First plant to grow on the Moon, err, dies

Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night

  • Communications
  • 18 January 2019
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData

Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018

  • Software
  • 18 January 2019
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand

Meteor showers as a service will be visible for about 100 kilometres in all directions

  • Communications
  • 18 January 2019
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data

New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago

  • Communications
  • 18 January 2019
Back to Top
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • Newsletters
  • Facebook
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017