Websites for businesses such as furniture stores have been hacked to host child pornography images – and the likely motivation is to spread malware, an internet charity has warned.
Folders containing hundreds of images have been uploaded to business websites, and are then displayed to users on other sites, usually adult sites, Britain’s Internet Watch Foundation has warned. The images are described as the “worst of the worst” of images on the internet. The IWF has received 227 complaints about this sort of hack in the last six weeks.
“We speculate that the motivation behind the hacking is to distribute malware, specifically a Trojan,” Emma Lowther of the IWF said today. “The IWF specialises in removing online child sexual abuse images rather than tracking malware distributors. However, you can imagine that an internet user would be worried about taking their malware-infected computer to be fixed knowing it was a folder of child sexual abuse images which caused the problems. We know that those people whose computers have been infected were not looking for the criminal content though.”
The content is described as “among the worst” on the internet – and would be displayed without the administrators of adult sites being aware.
IWF Technical Researcher Sarah Smith said: “We hadn’t seen significant numbers of hacked websites for around two years, and then suddenly in June we started seeing this happening more and more. It shows how someone, not looking for child sexual abuse images, can stumble across it. The original adult content the internet user is viewing is far removed from anything related to young people or children.”
“We’ve received reports from people distressed about what they’ve seen. Our reporters have been extremely diligent in explaining exactly what happened, enabling our analysts to re-trace their steps and take action against the child sexual abuse images. Since identifying this trend we’ve been tracking it and feeding into police forces and our sister Hotlines abroad.”
Author Rob Waugh /Rob Waugh, WeLiveSecurity/
Author Rob Waugh, We Live Security