Paedophiles using new method to hide child abuse images online

Paedophile criminals are finding new ways to distribute images of child abuse, and hide them from the authorities, according to a new report by the Internet Watch Foundation (IWF).

According to the IWF’s annual report, some child sexual abuse content is hidden on the web by the trick of displaying different content depending on whether a website is visited via a particular referring website or not.

In other words, if you simply typed in the URL of a website you might be presented with legal, adult pornography. However, if the same website is visited via a particular gateway, the website would know where its traffic has been referred from and display child abuse images instead.

The IWF points out that one issue this has raised is that when a member of the public reports to the authorities the existence…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

One comment on “Paedophiles using new method to hide child abuse images online”

  1. Deviokta

    ClamXav – fairly sure I am right here – is just a gaaihpcrl front-end for using the ClamAV engine for on-demand scans. When you want to scan something, you can. That can be useful, but it only _detects_ malware. It can't prevent it. To deal with malware properly, you need an on-access, or real-time scanner. And to do that properly, you need a kernel driver. And you'd better do _that_ part properly, because it becomes, well, part of the OS kernel itself. Imagine you install some new software, which may unravel all sorts of other components out of its package (which needn't follow Apple's rules, of course), and download a whole load of stuff directly off the web, and generally litter your Mac with new items. With an on-demand scanner, you can then scan your computer – which generally takes quite a while – to see if anything dodgy was installed as part of the process. If it was, congratulations! You're already infected. Aaargh! An on-access scanner examines each file system object as it is accessed (hence the name on-access), and can block access to dodgy files before they are used. This not only detects, but also _prevents_ infection. Sophos Anti-Virus has an on-access scanner. To me (but let me mention my lack of objectivity again), that's not an advantage…it's a must. For another reason, see #10 in the ClamXav FAQ :-) "Should I get rid of my other virus scanner and just use ClamXav from now on?" Have you paid good money for it? If so, and you have no pressing reason to dump your other scanner, then I would honestly have to say "no". You've paid, so you may as well get your money's worth from it!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.