
"What is most worrying about these posts is that they are happening on legitimate sites. Any website can fall victim to an attack, no matter what the content," said Fraser Howard, principal virus researcher at Sophos.
"This means that innocent web surfers, including children, may stumble across this kind of offensive content.
"Every web host must ensure that all areas of their site are fully protected and that all user input is carefully screened before it is posted on the site."
Howard added that there has been a recent upsurge in attacks involving malicious code injected onto legitimate web pages. Such attacks are usually for the purpose of installing malware on victim machines.
"Some of the same techniques that malware authors use in order to infect victims are being used to distribute links and drive traffic to all sorts of web content," explained Howard.
Sophos has reported the sites hosting these posts to the Internet Watch Foundation, the self-regulatory body that combats illegal content online.