Malware threats on pirated content sites

Content theft sites pose a serious and growing threat to Internet users by exposing them to harmful malware that can lead to identity theft, financial loss and computers being taken over by hackers.

RiskIQ found that one out of every three content theft sites exposed users to malware. Internet users who visited content theft sites were 28 times more likely to get malware from these sites than from mainstream websites or licensed content providers.

Peddling content-driven malware is now big business: RiskIQ estimates that content thieves are making an estimated $70 million a year just from allowing malware distributors to place malicious code on their websites. Once malware is on the content theft site, malware distributors make even more money by ripping off and exploiting their access to Internet users’ computers.

RiskIQ probed a sample of 800 sites dedicated to distributing stolen movies and television shows. The results were alarming:

• Merely visiting a content theft site can place a user’s computer at risk: 45 percent of malware was delivered through so-called “drive-by downloads” that invisibly download to the user’s computer – without requiring them to click on a link.
• Once hackers get into a computer, they can use it for a wide range of criminal schemes where the user of the computer is the victim.
• Hackers don’t just steal personal information and financial records – they gain access to an Internet user’s computer, enabling them to control it for nefarious purposes, including ad fraud, spamming, denial of service attacks, or extortion by threatening to cripple businesses through attacks on their computer systems.

“Users beware. The data from this report shows a much higher incident rate of malvertising and malware delivery in general on torrenting sites. Simply visiting these sites puts the device you use and your personal information at risk from malware, adware and spyware,” said Elias Manousos, CEO of RiskIQ. “Even more troubling is the ecosystem that has evolved to take advantage and monetize torrent traffic. While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment.”

What makes this research so troubling is that ID theft is an increasing concern for Americans. The U.S. Department of Justice reports that 16.2 million U.S. consumers have been victimized by identity theft, with financial losses totaling over $24.7 billion.