CYBERSPACE—In what is being called the first analysis of its kind, five security researchers from the Technical University of Vienna, Sophia Antipolis and UC Santa Barbara operated their own adult website in order to understand firsthand how the adult online economy works, according to an article on MIT’s Technology Review website. A paper on their findings will be presented June 7 at the Ninth Workshop on the Economics of Information Security at Harvard University.
The bad news, wrote Christopher Mims, is that the researchers concluded the industry is “exposing everyone who consumes its wares to previously unsuspected levels of malware.” Data culled from their own sites shows that “43 percent of the clicks that arrived at their own adult website belonged to users whose browsers were vulnerable to a known exploit in either Adobe Flash or handling of the Microsoft Office or Adobe PDF document types.”
The group purchased traffic from brokers in the course of their research, reportedly spending $160 to acquire 47,000 clicks, of which 20,000 could have been exploited to build a botnet, according to the article. What the researchers discovered is that “they easily could have leveraged their investment for a hefty profit by serving as the vector for a Pay-Per Install affiliate program, which in one instance offered $130 per 1,000 installs to drop malicious code (malware, adware etc.) onto exploited machines.”
Curious to assess how much of the potentially vulnerable sites were actually being exploited, the team, led by Glibert Wondracek, built an automated web-crawler that downloaded “the content of almost a half million URLs spread across thousands of adult websites. Incredibly, 3.23 percent of those pages ‘were found to trigger malicious behavior such as code execution, registry changes, or executable downloads,’ five times the prevalence of malware discovered by previous research on the subject,” wrote Mims.
Subsequent calculation by Mins determined that if one were to multiply the aforementioned percentage by any number of porn variables—for instance, the percentage of internet users who view porn (42.7%), or the percentage of men who view porn while at work (20%)—results lead inexorably to the conclusion that “internet porn is a major vector for infection of vulnerable machines.”
According to Mins, the researchers also found that porn sites are more likely to contain higher rates of malware than traditional media because of the industry’s “almost total lack of policing or enforcement by the brokers who move traffic between adult websites. According to Wondracek et al.'s analysis of the economy of online porn sites, 9 out of 10 are ‘free’ sites that host image or video galleries and make money by directing traffic to pay sites or even to one another. This traffic is monetized through traffic brokers—the majority of which do not even visit the sites in their affiliate networks, according to experiments conducted by the researchers.”
The lack of industry verification that traffic is being sent by humans and not click bots, said the researchers, led them to the conclusion that “it would potentially be quite easy to defraud not only users, but the traffic brokers and for-pay porn sites that enable the vast ecosystem of free adult media sites.”
As to why porn sites are such accommodating breeding grounds for these malicious techniques, the researchers concluded that user behavior unique to porn sites surfers was a likely explanation.
“How else,” wrote Mims, “can we explain the fact that in the course of the experiment, users clicked many times on single links that were randomly directing them to anything but the media they were apparently after—a practice widespread among free porn sites?”
The study can be read by clicking here.