12/10/2015
12:00 PM
Dark Reading

Viewer Beware: Internet Users 28 Times More Likely to Get Malware From Content Theft Sites, RiskIQ Study Uncovers

Drive-by Downloads: Nearly Half of Malware Is Delivered To Users' Computers From Content Theft Sites Without Even Requiring Click on a Link

WASHINGTON, Dec. 10, 2015 /PRNewswire-USNewswire/ -- Content theft sites pose a serious and growing threat to Internet users by exposing them to harmful malware that can lead to identity theft, financial loss and computers being taken over by hackers, according to Digital Bait - a new research report commissioned by the Digital Citizens Alliance.

Cyber security firm RiskIQ found that one out of every three content theft sites exposed users to malware. Internet users who visited content theft sites were 28 times more likely to get malware from these sites than from mainstream websites or licensed content providers.

Peddling content-driven malware is now big business: RiskIQ estimates that content thieves are making $70 million a year just from allowing malware distributors to place malicious code on their websites. Once malware is on the content theft site, malware distributors make even more money by ripping off and exploiting their access to Internet users' computers.

"It's clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information," said Tom Galvin, Executive Director of the Digital Citizens Alliance. "It's criminal behavior, and it should be a wake-up call for consumers as well as law enforcement that a new front must open in the battle against cyber criminals and malware peddlers exploiting Internet users."

After its two "Good Money Going Bad" reports explored the business models behind ad-supported content theft sites, DCA commissioned RiskIQ, a leading provider of online security and ad monitoring services, to estimate the amount and type of malware that content theft sites carry and to explore the connection between content theft and malware ecosystems in the dark corners of the Internet.

RiskIQ probed a sample of 800 sites dedicated to distributing stolen movies and television shows. The results were alarming:

- Merely visiting a content theft site can place a user's computer at risk: 45 percent of malware was delivered through so-called "drive-by downloads" that invisibly download to the user's computer - without requiring them to click on a link.

- Once hackers get into a computer, they can use it for a wide range of criminal schemes where the user of the computer is the victim. These include:

+ Stealing bank and credit card information that is then sold on underground Internet exchanges. After the hack, consumers find their bank accounts depleted or suspicious charges on their credit cards. There is an underground market for credit card information that ranges from $2 to $135 per credit card credential.

+ Finding personal information that makes it easier to sell a person's identity to the highest bidder online. In July, the FBI added five online criminals to its "Most Wanted" list for creating computer programs that stole identities and financial information.

+ Locking a user's computer and demanding a ransom fee before returning access to their files.

- Hackers don't just steal personal information and financial records – they gain access to an Internet user's computer, enabling them to control it for nefarious purposes, including ad fraud, spamming, denial of service attacks, or extortion by threatening to cripple businesses through attacks on their computer systems.

"Users beware. The data from this report shows a much higher incident rate of malvertising and malware delivery in general on torrenting sites. Simply visiting these sites puts the device you use and your personal information at risk from malware, adware and spyware," said Elias Manousos, CEO of RiskIQ. "Even more troubling is the ecosystem that has evolved to take advantage and monetize torrent traffic. While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment."

What makes this research so troubling is that ID theft is an increasing concern for Americans. The U.S. Department of Justice reports that 16.2 million U.S. consumers have been victimized by identity theft, with financial losses totaling over $24.7 billion.

"We can't just throw up our hands and do nothing. Parents must teach their kids that they are junking up their computers by going on content theft sites; Internet safety groups and all responsible players in the Internet ecosystem must ramp up awareness campaigns; and law enforcement must step up its efforts to catch and combat malware peddlers," added Galvin.

About Digital Citizens

Digital Citizens is a consumer-oriented coalition focused on educating the public and policy makers on the threats that consumers face on the Internet and the importance for Internet stakeholders – individuals, government and industry – to make the Web a safer place. Based in Washington, DC, the Digital Citizens Alliance counts among its supporters: private citizens, the health, pharmaceutical and creative industries as well as online safety experts and other communities focused on Internet safety. For more information, please visit digitalcitizensalliance.org.

About RiskIQ

RiskIQ provides organizations the visibility and intelligence they need to secure their Enterprise Digital Footprint and to map their adversaries' infrastructure. RiskIQ products, powered by a global proxy network, virtual user technology, and threat analysis engine, allow organizations to get an actionable and timely picture of both their own and their adversaries' infrastructure, proactively defending against threats targeting their websites, mobile applications, brands, customers, and employees. Leading financial institutions, insurance providers and consumer as well as B2B brands use RiskIQ to protect themselves and their users from code level threats, malware, phishing, social media attacks and fraud. RiskIQ is headquartered in San Francisco and backed by growth equity firms Summit Partners and Battery Ventures. To learn more about RiskIQ, visit www.riskiq.com.
