Security news
Security news12 June 2007
Hackers spread illegal child content through web message boards Legitimate web pages taken over by cybercriminals to promote child pornography
 |
| Sophos works closely with the IWF to combat internet child abuse. |
IT security and control firm Sophos is warning web hosts of the dangers of not screening content posted on message boards, following the discovery that legitimate web pages have been taken over by cybercriminals using the forums to promote child pornography.
According to experts at Sophos, the affected websites contain many posts that attempt to entice readers to various child abuse sites. The majority of the pages are on legitimate websites and one is even on a website designed for children. The posts are all found on message boards within these websites. All contain offensive words and hidden links to the pornography sites.
"What's most worrying about these posts is that they're happening on legitimate sites - any website can fall victim to an attack, no matter what the content," said Fraser Howard, Principal Virus Researcher at SophosLabs™. "This means that innocent web surfers, including children, may stumble across this kind of offensive content. Every web host must ensure that all areas of their site are fully protected and that all user input is carefully screened before it is posted on the site."
Sophos experts have noted a recent upsurge in attacks involving malicious code injection onto legitimate web pages. Ordinarily such attacks are for the purpose of installing malware on victim machines.
"Some of the same techniques that malware authors use in order to infect victims with malware are being used to distribute links and drive traffic to all sorts of web content," continued Howard. "The fact is that any unprotected website can be targetted by cybercriminals trying to spread their malicious content. It is essential that web hosts remain vigilant for hackers' attacks, and deploy security solutions to defend against new and emerging threats."
Sophos has reported the sites hosting these posts to the Internet Watch Foundation, the self-regulatory body that combats illegal content online.
- Find out more about how to protect children from online threats at www.getsafeonline.org
- Find out about the Virtual Global Taskforce - a group of police forces working around the world to fight online child abuse
Sophos recommends that all web hosts ensure up to date security solutions are in place across their sites and that all user content is screened prior to posting. For businesses, Sophos recommends they deploy a web filtering solution that not only filters based on website categorisation, but that properly inspects the code of every website before granting access.
More information can be found on the SophosLabs blog
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
