Viewer Beware: Internet Users 28 Times More Likely to Get Malware From Content Theft Sites, RiskIQ Study Uncovers

Drive-by Downloads: Nearly Half of Malware Is Delivered To Users' Computers From Content Theft Sites Without Even Requiring Click on a Link

December 10, 2015

5 Min Read


WASHINGTON, Dec. 10, 2015 /PRNewswire-USNewswire/ -- Content theft sites pose a serious and growing threat to Internet users by exposing them to harmful malware that can lead to identity theft, financial loss and computers being taken over by hackers, according to Digital Bait - a new research report commissioned by the Digital Citizens Alliance.

Cyber security firm RiskIQ found that one out of every three content theft sites exposed users to malware. Internet users who visited content theft sites were 28 times more likely to get malware from these sites than from mainstream websites or licensed content providers.

Peddling content-driven malware is now big business: RiskIQ estimates that content thieves are making an estimated $70 million a year just from allowing malware distributors to place malicious code on their websites. Once malware is on the content theft site, malware distributors make even more money by ripping off and exploiting their access to Internet users' computers.

"It's clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information," said Tom Galvin, Executive Director of the Digital Citizens Alliance. "It's criminal behavior, and it should be a wake-up call for consumers as well as law enforcement that a new front must open in the battle against cyber criminals and malware peddlers exploiting Internet users."

After its two "Good Money Going Bad" reports explored the business models behind ad-supported content theft sites, DCA commissioned RiskIQ, a leading provider of online security and ad monitoring services, to estimate the amount and type of malware that content theft sites carry and to explore the connection between content theft and malware ecosystems in the dark corners of the Internet.

RiskIQ probed a sample of 800 sites dedicated to distributing stolen movies and television shows. The results were alarming:

- Merely visiting a content theft site can place a user's computer at risk: 45 percent of malware was delivered through so-called "drive-by downloads" that invisibly download to the user's computer - without requiring them to click on a link.

- Once hackers get into a computer, they can use it for a wide range of criminal schemes where the user of the computer is the victim. These include:

+ Stealing Bank and credit card information that is then sold on underground Internet exchanges. After the hack, consumers find their bank accounts depleted or suspicious charges on their credit cards. There is an underground market for credit card information that ranges from $2 to $135 per credit card credential.

+ Finding personal information that makes it easier to sell a person's identity to the highest bidder online. In July, the FBI added five online criminals to its "Most Wanted" list for creating computer programs that stole identities and financial information.

+ Locking a user's computer and demanding a ransom fee before returning access to their files.

- Hackers don't just steal personal information and financial records – they gain access to an Internet user's computer, enabling them to control it for nefarious purposes, including ad fraud, spamming, denial of service attacks, or extortion by threatening to cripple businesses through attacks on their computer systems.

"Users beware. The data from this report shows a much higher incident rate of malvertising and malware delivery in general on torrenting sites. Simply visiting these sites puts the device you use and your personal information at risk from malware, adware and spyware," said Elias Manousos, CEO of RiskIQ. "Even more troubling is the ecosystem that has evolved to take advantage and monetize torrent traffic. While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment."

What makes this research so troubling is that ID theft is an increasing concern for Americans. The U.S. Department of Justice reports that 16.2 million U.S. consumers have been victimized by identity theft, with financial losses totaling over $24.7 billion.

"We can't just throw up our hands and do nothing. Parents must teach their kids that they are junking up their computers by going on content theft sites; Internet safety groups and all responsible players in the Internet ecosystem must ramp up awareness campaigns; and law enforcement must step up its efforts to catch and combat malware peddlers," added Galvin.


About Digital Citizens

Digital Citizens is a consumer-oriented coalition focused on educating the public and policy makers on the threats that consumers face on the Internet and the importance for Internet stakeholders – individuals, government and industry - to make the Web a safer place. Based in Washington, DC, the Digital Citizens Alliance counts among its supporters: private citizens, the health, pharmaceutical and creative industries as well as online safety experts and other communities focused on Internet safety. For more information, please visit


About RiskIQ

RiskIQ provides organizations the visibility and intelligence they need to secure their Enterprise Digital Footprint and to map their Adversaries' infrastructure. RiskIQ products, powered by a global proxy network, virtual user technology, and threat analysis engine allows organizations to get an actionable and timely picture of both their own and their adversaries infrastructure proactively defending against threats targeting their websites, mobile applications, brands, customers, and employees. Leading financial institutions, insurance providers and consumer as well as B2B brands use RiskIQ to protect themselves and their users from code level threats, malware, phishing, social media attacks and fraud. RiskIQ is headquartered in San Francisco and backed by growth equity firms Summit Partners and Battery Ventures. To learn more about RiskIQ, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights