Crime Pays: Piracy Sites Collect $70 Million a Year by Installing Malware (Study)
According to a new study called “Digital Bait” commissioned by the Digital Citizens Alliance (DCA) and conducted by cyber security firm RiskIQ, content theft sites pose a serious and growing threat to Internet users by exposing them to harmful malware that can lead to computers being taken over by hackers, identity theft, and financial loss. It is also estimated that sites that traffic in pirated content collect $70 million per year for installing malware.
RiskIQ said that one out of every three of the sites contained malware in a sampling done of 800 sites dedicated to distributing stolen TV shows and movies.
“It’s clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information,” Tom Galvin, the executive director of Digital Citizens Alliance, said in a statement.
The study also showed that 45% of that malware could make its way on to a user’s device through a “drive-by-download,” which means that the user wouldn’t even notice that the installation had taken place.
The malware is able to trawl for bank and credit card account information, locate private information, or to use information to steal a user’s identity, and even lock a computer to be able to demand ransom (this type of malware is called ransomware for obvious reasons). Most troubling is the fact that compromised computers can and are used for illegal activities like fraud and the original owner ends up getting framed for the act.
There are a couple of ways to make sure this malware never even makes it near your system. Firstly, simply avoid these websites. One of the interesting claims in the study is that internet users who visited content theft sites were 28 times more likely to get malware from these sites than from mainstream websites or licensed content providers.
“By dangling such content as bait, criminals lure in unsuspecting users and infect their computers,” the study said. “In doing so, these criminals are exploiting a lack of understanding and awareness among users about the risks visiting shady websites can pose.”
Elias Manousos, CEO of RiskIQ, said that the study shows a higher rate of malware on torrent sites.
“Users beware. The data from this report shows a much higher incident rate of malvertising and malware delivery in general on torrenting sites. Simply visiting these sites puts the device you use and your personal information at risk from malware, adware and spyware,” he said. “Even more troubling is the ecosystem that has evolved to take advantage and monetize torrent traffic. While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment.”
The study arrived at the $70 million figure by making a calculation based in part on the 4,865 sites receiving more than 1,000 or more copyright removal requests in a year in Google’s Transparency Report.
“While this is a rough estimate limited by the lack of comprehensive visitation data, it is easy to see that malware and content theft work together as a big business for the organizations behind them,” the study said.
If you want to know more, you can read the study on DCA’s website.