Symantec: Religious Sites "Riskier Than Porn For Viruses"

First time accepted submitter kongshem writes "According to Symantec's annual Internet Security Threat Report, religious and ideological websites have far more security threats per infected site than adult/pornographic sites. Why is that? Symantec's theory: 'We hypothesize that this is because pornographic Web site owners already make money from the Internet and, as a result, have a vested interested in keeping their sites malware-free — it's not good for repeat business,'"

More details?

[Inquisitus]

TFA is incredibly light on details. Where's the link to the report itself? How is a threat defined? And is than statistic of three times the number of threats normalized over all sites in each category (as TFA suggests), or just the infected ones (as the summary suggests)?

It is interesting to note that websites hosting adult/pornographic content are not in the top five, but ranked tenth

So how are they categorizing pornographic websites? What are the other 9 categories that are more "dangerous"?

Another possible explanation

[wvmarle]

While their ideas may be true, by my understanding it's mainly the free porn sites that are riskiest. It used to be that they set up expensive dialers, or other ways to make money. I believe it's a way for them to make money other than by serving ads or selling subscriptions, and that actually webmasters installed that stuff on their sites. Those dialers at least tended to be called after porn sites, and actually gave (paid) access to the sites.

Dialers don't work anymore these days of course, with no-one using modems and dial-up. And maybe webmasters have cleaned up their act too.

Now those religious sites, they are usually set up by people with a passion - to spread a certain message, about a religion or otherwise, and that are often people with little or no knowledge on setting up a website and keeping it malware free. As such I would expect such sites to be a relatively soft target for malware attackers, that then use the site to distribute their wares without the webmaster knowing. A very different scenario.

That porn sites are often in it for the money, will definitely also help. At least they'll have someone around that knows how to secure a web site.

Re:More details?

[RsG]

I'd like some more detail too.

TFA specifically mentioned sites that have been hijacked. Which makes sense to me, since there can't be that many sites where the viruses are the work of the site owner - spyware is another matter entirely. Porn sites, especially pay sites, are bound to have better security than a site made by amateurs.

Which leads me to wonder why religious sites would be hijacked more frequently than other amateur operations. Are they more vulnerable due to shoddy security practices? Are they attractive to people looking to spread viruses? Do they have a reputation for attracting users who may not have antivirus software installed?

Re:More details?

[dgatwood]

Are the religious sites with the most viruses perhaps connected with religions that certain governments (whose names and faces have been changed to protect the ignorant) might associate with terrorism? If so, what's the chance that these viruses are, in fact, actually cyberwarfare rather than cybercrime? Just a thought.

Re:Dawkins/GODSPOT-0DAY

[Surt]

Indeed, atheism has as little support in science as theism. Agnosticism is the only scientific viewpoint.

Re:Original report

[Grygus]

Wait. Triple the average number of threats per infected site doesn't mean that you're more likely to get a virus by visiting one of those sites; it means that you're more likely to get multiple infections from a site that is infected, but that is not the same thing at all. You might get a similar result if 99% of all religious sites were safe, but each of the other 1% had every virus and worm in the wild, for example - infections per bad site are extreme, but you'd still be 99% safe visiting those kinds of sites.

Combine that with the fact that this isn't even a category in the top 10, and this whole story feels made up to me.

Re:JEBUS will protect me!

[WrongSizeGlass]

But I was also going to say "uhm... you think churches DON'T make money?!" They make LOTSA... tax-free money.

Very true, but their website is not how they make their money. TFS made it clear that porn sites "already make money from the Internet and, as a result, have a vested interested in keeping their sites malware-free." If churches used a 'pay to pray' web model they too would be more inclined to make sure their websites were clean.

About a month ago one of my clients got infected by going to their church's website. I was able to verify it simply by going to the church's home page with the browser agent set to any Windows browser (instead of as a Mac).

Re:JEBUS will protect me!

[jellomizer]

Most small religious websites do not have the resources or the skill sets to keep it clean. Here is how it works... Someone from the youth ministry (probably age 14-16) setups the web site for the church. They keep it going for a year. Then they graduate, start other activities and the web site just kinda sits there. Someone may be skilled to keep the data up to date but no one ever really knows how to maintain a website. The box runs and collect dust unpatched until it gets hit with viruses and worms. No one knows there is a problem or how to fix it.

Re:JEBUS will protect me!

[hackula]

I think it depends on the type of church, but being in the south, I can definitely say that its true for the nondenoms and baptists around here. They might not have gold chairs like the catholics, but their sound systems are not far from it. Many of the ones around here have $500k+ sound systems. The big nondenominational in my city is like walking into a damn mall (When you have a sign pointing to the food court or the coffeeshop in your church, something is getting weird). In Atlanta there is one that might as well be an airport terminal. It has and entire self contained Chucky Cheese style play place inside of it. Watch, 2000 years from now everyone will be waiting for the second coming of Cheezus of Nazareth, the giant, holy, pizza-loving rat.

Re:JEBUS will protect me!

[mcgrew]

I guess I'll have to RTFA, because I've never seen a church site with ads. How is this malware getting into the sites in the first place?

When you say "you think churches DON'T make money" you raise a valid point. There are churches, and there are "churches". I wouldn't doubt for a minute that you might get infected by visiting a certain Baptist church in Florida, you know, the one that openly sins at soldiers' funerals.

I'm pretty sure that many clergy are in fact in it for the money. I've always said "never trust a preacher who wears a necktie" because the tie is the symbol of wealth and power, which is mostly what Jesus preached against. If the preacher is wearing a $4000 suit, you listen to him at peril of your very soul.

Then there are churches like the one I attend. It's a big, rich church, but I don't see any of its clergy driving Escalades or wearing expensive clothing. The money mostly goes to the poor, and that's the poor everywhere. Much goes to Africa, but that's because so much of that continent is so impoverished.

Last Christmas they donated two weeks worth of groceries to any family who had a child or children in Harvard Park Elementary, the grade school in the poorest part of town, because those kids don't look forward to Christmas. Christmas is when they don't get the government-funded school lunches, and those kids normally go hungry on Christmas break.

Contrast that with Pat Robertson's church... yeah, some churches are scams. "Beware wolves in sheep's clothing."

Re:JEBUS will protect me!

[mcgrew]

I see you've never read the new testament. You don't have to pay for sin, sin's price was paid in blood by an innocent man. All you have to do is repent those sins and accept that innocent man's sacrifice.

You've probably never read a single word of the bible, not just the new testament. Most bible thumpers I know don't read the bible they thump. I had an argument with a former girlfriend when I mentioned that Jesus went to hell when he died, and she was outraged.

A month ago she called and apologized, seems a preacher showed her the text I had referred to.