Content theft sites pose a serious and growing threat to Internet users by exposing them to harmful malware that can lead to identity theft, financial loss and computers being taken over by hackers, according to Digital Bait – a new research report commissioned by the Digital Citizens Alliance, a consumer-oriented coalition focused on educating the public and policy makers on the threats that consumers face on the Internet.
Cyber security firm RiskIQ found that one out of every three content theft sites exposed users to malware. Internet users who visited content theft sites were 28 times more likely to get malware from these sites than from mainstream websites or licensed content providers.
Peddling content-driven malware is now big business: RiskIQ estimates that content thieves are making an estimated $70 million a year just from allowing malware distributors to place malicious code on their websites. Once malware is on the content theft site, malware distributors make even more money by ripping off and exploiting their access to Internet users’ computers.
“It’s clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information,” said Tom Galvin, Executive Director of the Digital Citizens Alliance. “It’s criminal behaviour, and it should be a wake-up call for consumers as well as law enforcement that a new front must open in the battle against cyber criminals and malware peddlers exploiting Internet users.”
After its two Good Money Going Bad reports explored the business models behind ad-supported content theft sites, DCA commissioned RiskIQ, a leading provider of online security and ad monitoring services, to estimate the amount and type of malware that content theft sites carry and to explore the connection between content theft and malware ecosystems in the dark corners of the Internet.
RiskIQ probed a sample of 800 sites dedicated to distributing stolen movies and television shows. The results were alarming:
“Users beware. The data from this report shows a much higher incident rate of malvertising and malware delivery in general on torrenting sites. Simply visiting these sites puts the device you use and your personal information at risk from malware, adware and spyware,” said Elias Manousos, CEO of RiskIQ. “Even more troubling is the ecosystem that has evolved to take advantage and monetise torrent traffic. While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment.”
What makes this research so troubling is that ID theft is an increasing concern for Americans. The US Department of Justice reports that 16.2 million US consumers have been victimised by identity theft, with financial losses totalling over $24.7 billion.
“We can’t just throw up our hands and do nothing. Parents must teach their kids that they are junking up their computers by going on content theft sites; Internet safety groups and all responsible players in the Internet ecosystem must ramp up awareness campaigns; and law enforcement must step up its efforts to catch and combat malware peddlers,” added Galvin.