Porn Sites Used To Be Riddled With Computer Viruses. You’ll Never Guess Where the Malware Is Now

Innovation, the Internet, gadgets, and more.
May 24 2012 7:54 PM

Unprotected Sects

When it comes to computer viruses, you’re now more likely to catch one visiting a church website than surfing for porn.

The malware famously found on porn sites has largely found a new home

AFP/Getty Images.

As with herpes, one of the peripheral embarrassments of contracting a computer virus is that everyone has a pretty good idea of what you were up to when you got it. Oh sure, it’s possible you just chastely pecked a misleading email link. But odds are you picked it up because you were dallying on one of those shady, fly-by-night websites that people visit when they’re seeking fulfillment. You know—religious sites.

Will Oremus Will Oremus

Will Oremus is Slate's senior technology writer.

What’s that? Church blogs and Christian youth forums aren’t the first thing that comes to mind when you think of scareware, malware, worms, and Trojan horses? They should be. In its latest annual Internet security threat report, Symantec, the maker of Norton AntiVirus software, found that “religious and ideological sites” have far surpassed pornographic websites as targets for criminal hackers. According to the company you’re now three times as likely to encounter malware—insidious software that can steal your data, pelt you with spam, or enslave your machine in a botnet—on your local church blog as you are on a porn site.

The explanation is straightforward: The entrepreneurs who run adult websites are old hands at Web security, and they’ve long since learned to use protection. Those who build and host church websites, by contrast, may have the best intentions, but they tend to be naive and inexperienced. For hackers, that makes them easy prey.


Take Stephen Morrissey, a Pittsburgh-area e-commerce architect who moonlights as a Web developer for churches looking to establish an online presence. He admits he didn’t have the first clue about Web security when he volunteered to build a website for his mother’s small church in Wilkes-Barre, Pa. three years ago. He had designed simple, static Web pages before, but for the church he used a popular, freely available scripting language called PHP to add a few interactive elements.

Three months after the site went live, Morrissey took a glance at its Web traffic numbers and saw they had dropped off a ledge. Trying to visit the site himself, he found the path blocked by Google, which had posted an alert marking it as malicious. Scanning his code, he ran across a snippet he hadn’t put there and didn’t understand. “It was a bunch of gobbledygook,” he recalls. He immediately took the site offline and reported the intrusion to Symantec. He never did find out just what type of malware had been installed there. And luckily, the Google warning seems to have scared off most of the parishioners before their machines could be infected.

In retrospect, Morrissey says, he should have consulted security experts before building the site. The problem, in his view, is that churches are eager to get online, but many don’t understand what’s involved. And they’re so used to relying on volunteers to run their programs that they don’t realize that might be a bad idea when it comes to websites. “Oftentimes it’s an IT person who maybe has a clue about websites, but no real experience at the professional level,” he says. For his part, Morrissey moved that site, and the others he manages, from GoDaddy’s bare-bones hosting service to WordPress, a popular, standardized content management platform that regularly adapts its code to thwart hackers. To his knowledge, none of his sites have been compromised since.

But experts in the field point out that WordPress can be vulnerable too, especially for users who don’t recognize the importance of downloading its security updates as soon as they’re released. Those experts include Carmen Merighi, co-owner of a Florida-based Web development company called Online Technologies Group. The bland name belies the company’s racy clientele, which is dominated by adult websites. Merighi has been building and hosting sites for adult domains since 1996, before most churches had ever conceived of the idea of an online presence.

Merighi says the online porn industry in the 1990s resembled the online religious community today—technologically speaking, of course. Enterprising photographers, filmmakers, bloggers, and businesspeople with limited Web savvy were starting their own sites in droves, often using the cheapest and simplest platforms available. Hackers soon capitalized, giving porn sites a well-deserved reputation as cesspools of malware, spam, intrusive pop-up ads, and sneaky redirects. But as traffic soared and companies began to cash in, competition became stiff, and the industry consolidated. Homespun sites were squeezed out, and commercial sites that failed to clean up their pages developed toxic reputations. Merighi says a few of his own sites were hacked, mostly with relatively innocuous “scareware” and “redirect” programs that try to trick people into buying fake anti-virus products or visiting sites they didn’t intend to visit.



Slate Plus Early Read: The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

Mitt Romney May Be Weighing a 2016 Run. That Would Be a Big Mistake.

Amazing Photos From Hong Kong’s Umbrella Revolution

Transparent Is the Fall’s Only Great New Show

The XX Factor

Rehtaeh Parsons Was the Most Famous Victim in Canada

Now, journalists can't even say her name.


Lena Dunham, the Book

More shtick than honesty in Not That Kind of Girl.

What a Juicy New Book About Diane Sawyer and Katie Couric Fails to Tell Us About the TV News Business

Does Your Child Have Sluggish Cognitive Tempo? Or Is That Just a Disorder Made Up to Scare You?

  News & Politics
Sept. 29 2014 11:45 PM The Self-Made Man The story of America’s most pliable, pernicious, irrepressible myth.
Sept. 29 2014 7:01 PM We May Never Know If Larry Ellison Flew a Fighter Jet Under the Golden Gate Bridge
Dear Prudence
Sept. 30 2014 6:00 AM Drive-By Bounty Prudie advises a woman whose boyfriend demands she flash truckers on the highway.
  Double X
Sept. 29 2014 11:43 PM Lena Dunham, the Book More shtick than honesty in Not That Kind of Girl.
  Slate Plus
Slate Fare
Sept. 29 2014 8:45 AM Slate Isn’t Too Liberal, but … What readers said about the magazine’s bias and balance.
Brow Beat
Sept. 29 2014 9:06 PM Paul Thomas Anderson’s Inherent Vice Looks Like a Comic Masterpiece
Future Tense
Sept. 30 2014 7:36 AM Almost Humane What sci-fi can teach us about our treatment of prisoners of war.
  Health & Science
Bad Astronomy
Sept. 30 2014 7:30 AM What Lurks Beneath The Methane Lakes of Titan?
Sports Nut
Sept. 28 2014 8:30 PM NFL Players Die Young. Or Maybe They Live Long Lives. Why it’s so hard to pin down the effects of football on players’ lives.