As with herpes, one of the peripheral embarrassments of contracting a computer virus is that everyone has a pretty good idea of what you were up to when you got it. Oh sure, it's possible you just chastely pecked a misleading email link. But odds are you picked it up because you were dallying on one of those shady, fly-by-night websites that people visit when they're seeking fulfillment. You know — religious sites.
What's that? Church blogs and Christian youth forums aren't the first thing that comes to mind when you think of scareware, malware, worms and Trojan horses? They should be. In its latest annual Internet security threat report, Symantec, the maker of Norton AntiVirus software, found that "religious and ideological sites" have far surpassed pornographic websites as targets for criminal hackers. According to the company you're now three times as likely to encounter malware — insidious software that can steal your data, pelt you with spam, or enslave your machine in a botnet — on your local church blog as you are on a porn site.
The explanation is straightforward: The entrepreneurs who run adult websites are old hands at Web security, and they've long since learned to use protection. Those who build and host church websites, by contrast, may have the best intentions, but they tend to be naive and inexperienced. For hackers, that makes them easy prey.
Take Stephen Morrissey, a Pittsburgh-area e-commerce architect who moonlights as a Web developer for churches looking to establish an online presence. He admits he didn't have the first clue about Web security when he volunteered to build a website for his mother's small church in Wilkes-Barre, Pa. three years ago. He had designed simple, static Web pages before, but for the church he used a popular, freely available scripting language called PHP to add a few interactive elements.