According to experts at Sophos, the affected Web sites contain many posts that attempt to entice readers to various child pornography sites. The majority of the pages are on legitimate Web sites and one is even on a Web site designed for children. The posts are all found on message boards within these sites. All contain offensive words and hidden links to the pornography sites.
"What's most worrying about these posts is that they're happening on legitimate sites -- any Web site can fall victim to an attack, no matter what the content," said Fraser Howard, Principal Virus Researcher at Sophos. "This means that innocent Web surfers, including children, may stumble across this kind of offensive content. Every Web host must ensure that all areas of their site are fully protected and that all user input is carefully screened before it is posted on the site."
Experts have noted a recent upsurge in attacks involving malicious code injection onto legitimate Web pages. Ordinarily such attacks are for the purpose of installing malware on victim machines.
"Some of the same techniques that malware authors use in order to infect victims with malware are being used to distribute links and drive traffic to all sorts of Web content," continued Howard. "The fact is that any unprotected Web site can be targeted by cyber criminals trying to spread their malicious content. It is essential that Web hosts remain vigilant for hackers' attacks, and deploy security solutions to defend against new and emerging threats."
The sites hosting these posts have been reported to the Internet Watch Foundation, the self-regulatory body that combats illegal content online.
