This week, I saw reports on a couple of fairly large news sites and blogs about a study that supposedly shows porn sites contain far less malware than “normal” websites. While this makes for nice headlines, I was interested in this study and spent some time looking for the actual data used to reach this conclusion.

adult_warning

The result: the closest thing I could find was this quote:

As the folklore of the Web goes, one contracts a computer virus in places analogous to where one might contract certain types of real viruses: in “bad” neighborhoods one shouldn’t be in the first place. But times are changing, and though New York City cleaned up Times Square, cybercrooks are setting up shop in some of the Web’s busiest places.

The source is this article, found via hack in the box. It quotes MessageLabs data, but the data is not publicly available at this moment, and neither is a more detailed report. The numbers that are given don’t mention adult sites at all; the main message is that most malware is hosted on “old” sites rather than newly registered domains.

This might be news for some people, but it reflects the current situation on the internet very well. Most malware is distributed on “real” websites (as opposed to botnets used to distribute malicious content), and not on domains just registered by criminals.

There are some obvious reasons for this:

  • Older sites are more likely to be running old software with known vulnerabilities, and are thus more easy to abuse
  • These sites will already have visitors, so you don’t need to find a way to get them to your malicious site
  • You don’t need to steal credit cards to pay for your new domains and arrange for your own webhosting

In short, it just makes sense to abuse existing domains. And to get back to the adult hosting that was mentioned, several people have already mentioned that there is also a reason that these are generally “safe”, at least from malware: these sites are high-profile targets for attacks, and as such more likely to take security seriously. Not in the least because these rely on subscriptions rather than ads, and need to provide value for money or risk losing paying visitors fast.