Piracy Sites Collect $70 Million a Year by Installing Malware (Study)

Internet Piracy

A new study estimates that sites that traffic in pirated content collect $70 million per year for installing malware, underscoring the threat of content theft to consumers.

The study, called “Digital Bait,” was commissioned by Digital Citizens Alliance and conducted by RiskIQ, and sampled 800 sites dedicated to distributing infringing movies and TV shows. According to RiskIQ, one out of every three of the sites contained malware.

“It’s clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information,” Tom Galvin, the executive director of Digital Citizens Alliance, said in a statement.

The study also showed that 45% of malware was delivered by “drive-by-downloads,” which invisibly download to a user’s computer without requiring them to click on a link.

Malware can allow hackers to sell bank and credit card information on underground Internet exchanges, or to use information to steal a user’s identity. It also has been used to “lock” a computer and demand a ransom before returning access to the user.

“By dangling such content as bait, criminals lure in unsuspecting users and infect their computers,” the study said. “In doing so, these criminals are exploiting a lack of understanding and awareness among users about the risks visiting shady websites can pose.”

Elias Manousos, CEO of RiskIQ, said that the study shows a higher rate of malware on torrent sites.

“While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment,” he said in a statement.

The study arrived at the $70 million figure by making a calculation based in part on the 4,865 sites receiving more than 1,000 or more copyright removal requests in a year in Google’s Transparency Report.

“While this is a rough estimate limited by the lack of comprehensive visitation data, it is easy to see that malware and content theft work together as a big business for the organizations behind them,” the study said.

The complete report and methodology is here.