XSS distributes child porn

Open message boards targeted

Child pornography is being injected into Web forums by hackers using Cross Site Scripting (XSS), a technique typically deployed to distribute malware.

According to Sophos principal virus researcher Fraser Howard, the attacks occur because many Web sites allow Java Script-based content on their forums, or do not require adequate user authentication for posting.

"Some of the same techniques that malware authors use in order to infect victims with malware are being used to distribute links and drive traffic to all sorts of web content," Howard said.

"The attack targets legitimate message boards with hidden links to direct users to child pornography sites, and was even found on a site designed for children.

"Web hosts must deploy Web filters which filter based on Web site categorization, and inspect the code of every linked Web site prior to granting user access," Howard said.

"All user content must be screened prior to posting because any unprotected Web site can be targeted by cyber-criminals trying to spread malicious content."

Sophos has reported the targeted sites to online content regulator the Internet Watch Foundation.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Internet Watch FoundationSophos

Show Comments