Position Paper: Malware on Religious Sites

This just in: the Sydney Morning Herald recently reported [1] on a new study by Symantec indicating that surfers looking for religious material are more likely to become the victim of a certain form of malware (“drive-by attacks”) than surfers visiting pornographic sites. Surprisingly, pornographic sites are relatively safer than blogs, personal sites, and educational sites (blogs in general were found to have the highest incidence of malware, 19.8% of sites infected versus 2.4% of porn sites). The study further noted that religious sites had, on average, three times the number of threats per infected site as porn sites. The study then suggests that 61% of malware is found on websites where owners are unaware of the infection [2]. It is suggested that the reason porn sites rank lower is that porn sites are profitable, and malware would not be good for repeat business.

We at the Center believe there are two distinct sets of sites in the “religious malware site” category, intentional and unintentional, but that there is an additional subtlety. By definition, a “Christian” walk excludes intentional harm to others through malware. So the first set of sites are shells, religious in name only, set up by the unscrupulous to prey on the unsuspecting visitor. Hiding unscrupulous actions behind a “Christian” badge is nothing new, but every new technology brings new twists. For example, nowadays there are many “phishing” emails and tweets (communications designed to obtain money or information such as passwords or identities) that pose as a trusted or trustworthy identity, simply because the scams work better given this (false) association. This technique is known as social engineering, because it doesn’t simply attack; it relies instead on tricking the person in receipt of the communication into stepping into the snare.

The second set of “religious malware” sites are unintentional. The infection is unknown to the site owner, as Symantec estimates is true in 61% of website malware cases. Perhaps the owner is a busy pastor who has good intentions, yet lacks either the skill or the time to keep the site current. Contrast this with porn sites, which may have membership fees for site use, making it much more likely that a malware attack on a porn site would be reported to its owner. Religious sites are not only largely easier prey to malware attacks than the for-profit porn sites, which are run professionally; they are also attractive malware targets, because visitors wouldn’t expect to be infected there.

What to do?

Each set of sites requires its own response. For the first, intentional harm posing under the Christian banner, follow the advice in Matthew 10:16: “See, I am sending you out like sheep into the midst of wolves; so be wise as serpents and innocent as doves.” In the case of electronic harm, remember that the web community is more like a gold-rush town than a living room full of trusted friends. Alert your own community to the dangers. Practice vigilance and care when “traveling” the wild, wild web.

For the second set of sites, owners and visitors have different possible responses. If a site you knew to be helpful suddenly pops up with malware (and there is a possible way to do so), contact the owner, who may be unaware of what has happened. Realizing that malware does the direct opposite of helping, and given this new information about the special harm posed by malware on “religious” sites, the responsibility for religious site owners becomes clear: first, do no harm. There is an American proverb that fits this situation: “hell is full of good meanings, but heaven is full of good works”.

So, what is a well-meaning owner of a religious site to do to help ensure that their site is not a road to malware hell? Now is the time to commit resources to security, so that the site can be vigilantly attended and reasonably expected to be malware-free. If a site is hit with a malware attack, the owner must have the resources available to both learn of and deal with the occurrence in a timely manner. Malware must not be allowed to linger for weeks, and should ideally be caught and cleared within 24 hours. This vigilance should extend to posts and tweets from others onto pages and streams you own: social engineering often poses as interesting or urgent posts with links leading to phishing or malware. If a resource owner is unable to commit such resources, they might consider turning over their resource to someone else who can, or giving the content to someone else and shutting the site down. Better to be silent than to cause harm.


[1] Religion ‘riskier than porn’ for online viruses. Sydney Morning Herald, May 2, 2012. Online at http://www.smh.com.au/digital-life/consumer-security/religion-riskier-than-porn-for-online-viruses-20120502-1xxx4.html, accessed May 2, 2012.
[2] The Symantec study is available online at Symantec.com: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf, accessed May 2, 2012.

Posted on May 2, 2012