One out of three sites that host pirated movies and television shows also host malware that can be used to perpetuate ad fraud or identity theft, according to a new study commissioned by the Digital Citizens Alliance.
For the study, researchers from RiskIQ examined 800 "piracy" sites every day for a four-week period in the summer of 2015, and also examined sites from a control group of 250 sites every day for a month. Thirty-three percent of the piracy sites hosted malware, compared to just 2% of the sites in the control group.
The piracy sites included 25 sites from the Notorious Markets Report published by the U.S. Trade Representative, the top 25 sites named by Google in its transparency report (which lists sites that draw complaints by copyright owners) and a selection of 750 sites of varying sizes named in Google's transparency report. The control group included 100 sites that license content, like Amazon, and a broad range of 150 "mainstream" sites.
Researchers found that 45% of malware took the form of "drive-by downloads," meaning that the programs could install themselves on users' computers even if people didn't click on any links on the sites.
The malware found on the piracy sites tended to be either Trojans, which can log consumers' keystrokes or scrape their hard drives for data, or software used for ad fraud. "This is disturbing news for the advertising industry and consumers," writes the Digital Citizens Alliance, a nonprofit partially funded by movie studios. "Bad actors dangle free content, consumers take the bait, and the end result is millions of identities at risk and billions of dollars stolen."
The study only examined whether malware was present on the sites, not whether it was downloaded by users. In some cases, users who downloaded the latest available security updates might not have been vulnerable to the malware.
"We know that exposure doesn't mean infection," Tom Galvin, executive director of the Digital Citizens Alliance, tells MediaPost. But, he adds, "repeated exposures increase your likelihood of infection."