Paedophiles using new method to hide child abuse images online

IWF logoPaedophile criminals are finding new ways to distribute images of child abuse, and hide them from the authorities, according to a new report by the Internet Watch Foundation (IWF).

According to the IWF’s annual report, some child sexual abuse content is hidden on the web by the trick of displaying different content depending on whether a website is visited via a particular referring website or not.

In other words, if you simply typed in the URL of a website you might be presented with legal, adult pornography. However, if the same website is visited via a particular gateway, the website would know where its traffic has been referred from and display child abuse images instead.

The IWF points out that one issue this has raised is that when a member of the public reports to the authorities the existence of a page hosting child abuse content, an analyst examining the reporting URL may only find legal adult content.

Sign up to our free newsletter.
Security news, advice, and tips.

The IWF says that it encountered use of the technique nearly 600 times during 2011, and is working with its partners around the world to tackle the trend.

The IWF is the UK internet hotline for the public to report their inadvertent exposure to online child sexual abuse content hosted anywhere in the world and non-photographic child sexual abuse images, criminally obscene adult content and incitement to racial hatred content hosted in the UK.

Sophos supports the IWF’s aims and works with them to protect internet users from inadvertent exposure to child sexual abuse images. From time to time SophosLabs encounters website content and images in spam which are extremely disturbing, and where appropriate we report these to the IWF.

“It’s vitally important to invest in combating the inventiveness of child abusers,” said Mark Harris, VP of SophosLabs and Global Engineering Operations at Sophos. “We intercept new methods of distributing images of abuse all too often, and we’re committed to reporting all instances to the authorities that identify perpetrators and rescue victims.”

You can learn more and download the full report from the IWF’s website.

For more information or to report a website visit www.iwf.org.uk.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Paedophiles using new method to hide child abuse images online”

  1. Deviokta

    ClamXav – fairly sure I am right here – is just a gaaihpcrl front-end for using the ClamAV engine for on-demand scans. When you want to scan something, you can. That can be useful, but it only _detects_ malware. It can't prevent it. To deal with malware properly, you need an on-access, or real-time scanner. And to do that properly, you need a kernel driver. And you'd better do _that_ part properly, because it becomes, well, part of the OS kernel itself. Imagine you install some new software, which may unravel all sorts of other components out of its package (which needn't follow Apple's rules, of course), and download a whole load of stuff directly off the web, and generally litter your Mac with new items. With an on-demand scanner, you can then scan your computer – which generally takes quite a while – to see if anything dodgy was installed as part of the process. If it was, congratulations! You're already infected. Aaargh! An on-access scanner examines each file system object as it is accessed (hence the name on-access), and can block access to dodgy files before they are used. This not only detects, but also _prevents_ infection. Sophos Anti-Virus has an on-access scanner. To me (but let me mention my lack of objectivity again), that's not an advantage…it's a must. For another reason, see #10 in the ClamXav FAQ :-) "Should I get rid of my other virus scanner and just use ClamXav from now on?" Have you paid good money for it? If so, and you have no pressing reason to dump your other scanner, then I would honestly have to say "no". You've paid, so you may as well get your money's worth from it!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.