Just how much malware is on free porn sites?

One researcher found that users have a 50 percent chance of getting infected by malware on some of the world's most popular websites.

Did you know the Internet has pornography on it? We were just as shocked to discover that as you. In fact, much of this pornographic material is available for free--but that doesn't mean there's not a huge potential cost. Specifically when it comes to malware. One researcher found that among some of world's most highly trafficked free pornography sites, the probability of coming into contact with malware can exceed 50 percent in some cases.

Security expert Conrad Longmore detailed on his blog an investigation into the prevalence of malware on some top pornographic sites. Utilizing data from Google's Safe Browsing diagnostic tool, he calculated porn aficionados' risk of becoming infected with malware. For example, visitors to Pornhub.com, the 63rd most popular website in the world (and 41st in the US) have a 53% chance of coming into contact with malware, according to his calculations.

Pornhub's Safe Browsing report (completely SFW) states that of the 14,263 pages tested on the site over the previous 90 days, 1,777 resulted in malicious software being downloaded and installed without user consent.

Several of the websites highlighted in the study defended the relative safety of their platforms to the BBC. "On average, the website serves over 15.5 billion ads every month," commented a rep from Pornhub. "Isolated incidents of malware are immediately caught, and minute when considering the mammoth amount of traffic our site receives.

Xhamster.com--the 46th most popular website in the world, and which Longmore found offered visitors a 42% chance of coming into contact with malware--claims that much of the malware problem is the result of lax security from third party advertisers. "The problem is that even reliable advertisers sometimes can be hacked," a spokesperson for the site told the BBC. "For example, in the past we had such issues with one of the top five porn pay sites in the world. Their ad system was hacked and used for malware."

According to Google Safe Browsing, of its 21,253 pages sampled over the past 90 days, Xhamster was found to have 1,067 pages with malicious software. As a point of comparison, Facebook, the world's top-trafficked site, had only 127 incidences of malware out of 818,788 sampled pages; YouTube, the net's third most popular site, had 348 incidences out of 16,004,642 pages sampled; and CNN had zero incidences our of 41,628 pages sampled. (And, just for fun, TechHive had 0 malware incidences out of 492 pages tested, thank you very much.)

A Bacchanalia of malware

As pornography has become ubiquitous and free, the audience willing to pay for it has dwindled. In the wake of this great democratization of flesh, we have seen the rise of highly trafficked websites whose business model has been built around offering free content to run along ads. And within this largely unpoliced ad bonanza, malware chefs have been given an opportunity to expose their malicious code to a high volume of unassuming porn consumers.

The prevalence of malware on even "established" sites is largely the result of traffic brokers who facilitate the seedy world of targeted nekkid people link exchanges. According to a 2010 study, a research team purchased 47,000 clicks to a test porn site for only $160, no questions asked. According to the team, of those click-troughs, 20,000 could have been easily exploited for known vulnerabilities using a customized botnet.

That comes out to only $0.008 per potentially infected computer. Not a bad deal for people who don't care at all about your privacy and for whom your computer is just a quantifiable means to an end.

Be safe out there

Among subscription-based porn sites, there appears to be less prevalence of malware. A friend who--wisely--wishes to remain anonymous referred me to some popular for-pay porn sites, where I found no occurrences of malware. At least within the past 90 days, the pay-based sites burningangel.com, brazzers.com, and suicidegirls.com all were found to have zero malware in their Safe Browsing reports.

Pornography has been there since the very beginnings of the Internet. It has managed a unique balancing act of being both ubiquitous and subterranean, providing a bridge between society's seedy underside and a large cross-section of the unsuspecting populace.

Just as with issues of actual, physical lust; in the virtual world, it's up to individuals to protect themselves by either abstaining from potentially risky activities altogether or learning to use the proper protection.

Join the CSO newsletter!

Error: Please check your email address.

Tags PornhubsecurityXhamster.commalware

More about BBC Worldwide AustralasiaCNNFacebookGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Evan Dashevsky

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts