Why porn is an effective malware distribution mechanism

I have often said that we men are simple creatures. A brain at one end and reproductive organs at the other and only enough blood to run one at a time. However in these days of equality the same can apply to women to a similar degree possibly with different “attractors” but the meme is the same.

Porn has always been something that is a “secret” to most and it’s usage tends to be short, urgent and possibly without much forethought. In marketing terms these are “impulse buys” or in the case of most porn sites an “impulse click”. And like marketing, malware distributors want people who are impulsive and may not think the risks through to their conclusion.

A recent report by Conrad Longmore looked more closely at the top 10 porn sites and the malware risks they pose. The primary risk was not form the site provider itself but from third parties using their platforms to provide malware based advertising.

The laws of averages shows that based on the volume of people visiting these sites that even small percentages of people clicking on malware links will result in large volumes of potential victims. Not all sites were infected and many of the “top” sites have reputations to consider (yes it’s true even smut has a reputation to upkeep). And thus many are aware that they must protect users from themselves or they may get caught in the ensuing fallout.

But why does porn even work as a distribution model? Well let’s take a look at your average porn user. According to Buzzell’s “demographic characteristics of persons using pornography in three technological contexts” (2005) showed that users of porn were predominantly:

• Males
• Young
• Lived in urban areas
• Regular internet users

None of the above may seem surprising and as time progresses the male skew will probably equalise but never really go away. So you have urban males (probably with income), who use the internet regularly and may have a skewed self-assessment as to the risks.

This makes them ideal targets for bot herders and people looking for monetary gain. If a machine is infected by such an individual the malware distributor may even get multiple bites of the cherry as the young urban males is also highly likely to live at home these days. Thus possibly capturing a whole family instead of one lone individual.

Add to this that bot herders want to remain undiscovered for as long as they can and infecting non business machines is going to keep you off the radar longer. If you get the occasional works based machine it’s likely to be someone who either doesn’t care about works security policies, or is too high in the echelons to be taken to task over it. Either way it’s probably going to net good results if they want to capture credentials or make their way into a secure network.

What to do?

As a security professional it’s easy to say “just don’t do it”. But as a male I am aware that most men will ignore another man’s protestations or danger if they are already pre-inclined to take such risks. Thus the best advice I can give is, if you are going to partake in such activity do it on a “dirty” machine. One that has nothing to do with other aspects of your life. “Don’t cross the streams” as they say in ghost busters. Don’t mix your habits with your job and don’t be inclined to submit to basic urges without taking suitable precautions.

While it all seems like a public service announcement for an STD clinic… the results are much the same. An infected machine will spread infection to others including those around you. If you have to play in the dark, play safe. Keep your machine up to date, don’t use it for any other activity, and get yourself at least a basic antivirus which you update prior to any “outing”.