Surfing porn can lead to infections

Could not resist that as a clickbait title. My apologies. Malware is a tiresome fact of life online. Ever since my first encounter with the Stoned virus years ago it has never ceased to be amaze me that the pace of this sort of software continues virtually unabated.

A friend of a friend of a friend of the family has been a notorious culprit when it comes to the spread of malicious software. He routinely sends out malware to people in his email address book and never does anything to repair the situation. To further complicate matters, he will shrug and say, “not on my computer, not my problem”. This sort of behaviour is infuriating. By his inability to do something he has become part of the problem.

To put a fine point on it, this person, let’s call him “Bob”, will buy a new computer every time it slows down. We’re talking really nice systems that have all the bells and whistles. He would complain bitterly to anyone who would listen about how bad the computer from company X was and then, unceremoniously, drop it off at the curb for the trash pick up.

I wish I was making this up. Sadly, this happens on a fairly regular cadence. Why might you ask? Well, “Bob” would not have anything on his system to afford anything resembling protection. Nothing, nada, zip, zilch, zero, bupkis. It breaks my fragile little mind when I think that he is by no means an outlier. Where he falls into the outlier category is in his inability to accept his part in this malware related debacle.

I have pondered on this many times. I have trouble rationalizing this behaviour. Then a thought struck me. Could be due to the embarrassment of having the system infected? Could it be that simple? Then I thought about the different ways that a system could be infected and I arrived back at a curious idea. How many porn site can lead to infections? Yes, malware infections.

So, I decided to check the top 10 pornography sites online and look at information that I could gather on the linkages to malware infected hosts. More accurately, I checked a list of top free porn streaming sites. The domains themselves were, for the most part safe. But, the sites that linked in were riddled with malware in some cases. There were instances of ransomware, worms and backdoors of all shapes and sizes.

Of the 10 different sites that I checked 6 of them were affected by malicious software. These sites were not compromised themselves but, systems that were connected to them in some manner were. This could easily lead to a system infection if the user wasn't paying attention and, let's be honest, the likelihood isn't great that they would be watching for security issues.

Think of it. A father of four would not be of a mind to admit to malware had infected his computer as a result of surfing porn. That’s just the obvious part. There is no shortage of sites online that can lead to infections on systems. Time and again I find myself slamming my head into the table when I hear about how “Bob” has thrown out another computer.

How do we better protect users from themselves? Malware protection only goes so far and user education will have limited utility for someone who is doing something that they may have been brought up to believe is socially not acceptable.

Is there a good answer? Well, no. Not really if we're being honest with ourselves. There is just a strong need for us to collectively do a better job of bringing the security message to the wider audience and moving beyond the navel gazing echo chamber that is Information Security.

In the meantime I'm going to take a cooler and folding chair and wait outside Bob's house. Trash day is coming.

This article was originally posted Mar 29, on Csoonline.com

Join the CSO newsletter!

Error: Please check your email address.

Tags porn piratesporninfectionmalicious softwareransomwaremalwarebackdoorsransomware attacksthreats

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dave Lewis

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place