Malware hits new low with abuse image attacks



The Internet Watch Foundation, an organisation that aims to eliminate access to indecent images of children online, says it has received 227 reports in the past six weeks of business websites being compromised, confronting users with images of extreme child sexual abuse.

These images are categorised as the most severe according to the Sentencing Guidelines Council’s scale of child sexual abuse. Even more worrying is that recent plans announced by the Prime Minister for controlling pornography on the internet would not safeguard users against attacks of this nature.

Despite the best efforts of software vendors that aim to protect our information both on and offline, security issues still arise on a daily basis.

Attacks like those reported to the IWF exploit two well-known problems in internet security; poor protection on legitimate business websites and ignorance among users of the types of data they are really downloading onto their computers.

These attacks work through redirection. A user clicks on one link, for example to a file, and this link takes them to a different file to the one they want. In this case, a user may be surfing a legitimate adult content website. On clicking to view a file, such as an image or video, the user is redirected without their knowledge to another website. This website has been compromised by the attackers and contains indecent images of children which would then be viewed by the user. Because images are downloaded to our computers by the web browser when we view them, a copy of this illegal content would then be stored on the computer’s hard drive, often without the user’s knowledge.

The motivation for the attacks remains unclear. The IWF says that it hadn’t had reports of significant numbers of hacked websites for some years until the spate of recent incidents. It may be that the attackers are just trying to upset users who are confronted with disturbing images of child abuse while they browse the internet. Another possibility is that the attackers are trying to damage the reputation of the legal sites they are corrupting. If a user has an experience as unpleasant as seeing images of abused children when using a website, they are unlikely to return again as a customer.

A third motivation seems more plausible; the user not only views the indecent images of children but also inadvertently downloads malware (malicious software) to their computer. Malware is software that compromises the security of computers. It comes in many guises and can gather sensitive information like passwords or banking details or disrupt normal computer operations.

This attack may be linked to one type of malware in particular, “ransomware” or “scareware”. This restricts access to the computer that it infects until a fee is paid to the person who wrote the malware. Often, an onscreen message appears to warn the user that their computer has been locked by a virus and that they should buy certain security software to solve the problem. Alternatively, and more likely in this case, a message pretending to be from the police is displayed saying that the user has downloaded illegal content and that they must pay a fine. Forcing the user to inadvertently view indecent images of children makes this threat all the more plausible, making them more likely to pay money to the creator of the malware and less likely to report the incident to the police.

Such software is very lucrative for those behind it. For example, 11 people were arrested earlier this year by Spanish police working in conjunction with Europol for developing such malware. It is estimated that they earned €1m ($1.3m) a year from their Reveton malware.

Whether or not the government puts in place restrictions on how we access the internet in an attempt to cut back on adult content, individual users must learn a lesson from the IWF story. Even if the website you are using is legitimate, you must always think before you click.