|
| Sophos works closely with the IWF to combat
internet child abuse. |
IT security and control firm Sophos is warning web hosts of the
dangers of not screening content posted on message boards,
following the discovery that legitimate web pages have been taken
over by cybercriminals using the forums to promote child
pornography.
According to experts at Sophos, the affected websites contain
many posts that attempt to entice readers to various child abuse
sites. The majority of the pages are on legitimate websites and one
is even on a website designed for children. The posts are all found
on message boards within these websites. All contain offensive
words and hidden links to the pornography sites.
"What's most worrying about these posts is that they're
happening on legitimate sites - any website can fall victim to an
attack, no matter what the content," said Fraser Howard, Principal
Virus Researcher at SophosLabsâ„¢. "This means that
innocent web surfers, including children, may stumble across this
kind of offensive content. Every web host must ensure that all
areas of their site are fully protected and that all user input is
carefully screened before it is posted on the site."
Sophos experts have noted a recent
upsurge in attacks involving malicious code injection onto
legitimate web pages. Ordinarily such attacks are for the purpose
of installing malware on victim machines.
"Some of the same techniques that malware authors use in order
to infect victims with malware are being used to distribute links
and drive traffic to all sorts of web content," continued Howard.
"The fact is that any unprotected website can be targetted by
cybercriminals trying to spread their malicious content. It is
essential that web hosts remain vigilant for hackers' attacks, and
deploy security solutions to defend against new and emerging
threats."
Sophos has reported the sites hosting these posts to the
Internet Watch Foundation,
the self-regulatory body that combats illegal content online.
Sophos recommends that all web hosts ensure up to date security
solutions are in place across their sites and that all user content
is screened prior to posting. For businesses, Sophos recommends
they deploy a web filtering
solution that not only filters based on website categorisation,
but that properly inspects the code of every website before
granting access.
More information can be found on the SophosLabs blog
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.