Dark Reading is part of the Informa Tech Division of Informa PLC


Software Piracy Increasingly Leading To Malware Infection, Study Says

More than 40 percent of software on PCs is pirated, Business Software Alliance reports

Some 41 percent of software on PCs is pirated, according to a study published last week by the Business Software Alliance (BSA). But pirated software isn't just illegal -- it could be dangerous to your machines, the BSA warns.

Many users are downloading software illegally via peer-to-peer (P2P) networks and auction sites, according to the BSA report. But these download methods can lead to malware and identity theft, the report warns.

BSA uses special technology to monitor peer-to-peer networks and auction sites, issuing "takedown requests" when it finds suspicious software being offered. In the first half of 2009, BSA says it issued almost 2.4 million takedown notices related to P2P and BitTorrent file sharing, an increase of more than 200 percent compared with the same period in 2008.

Likewise, in the first half of 2009, BSA used its in-house Internet "crawler" to identify and request the removal of almost 103,000 torrent files from nine of the largest BitTorrent hosting sites worldwide. These torrent files were being used by nearly 2.9 million individuals to download software with a retail value of more than $974 million, according to the BSA.

The report draws correlations between Internet piracy and the spread of malware such as viruses, trojans, and spyware, which often exploit vulnerabilities in illegal -- and unpatched -- software. Although the correlation is not universal, geographies with high instances of software piracy also suffer from high instances of malware, the report says.

"Pirated software can be a breeding ground for malware and can also open users up to crimes such as identity theft," says Jenny Blank, senior director of legal affairs at the BSA.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
