It is hardly a surprise to learn that navigating to pirate websites entails a higher risk of running into malware. But a researcher from Carnegie Mellon University in Pennsylvania, US, set out to quantify the risk that this ‘free lunch’ involves in a real-world setting.
Having observed the online activities of 253 people throughout 2016, Professor Rahul Telang concluded in a newly-released paper that the more time the users spent on piracy sites the higher the likelihood that some type of malware would compromise their computers.
Specifically, every doubling of the amount of time that the users spent on various illegal torrent and streaming sites resulted in a 20-percent increase in malware count on their computers, according to the paper entitled “Does Online Piracy Make Computers Insecure? Evidence from Panel Data”.
Put differently, a 100-percent rise in the time spent on pirate websites increased “the number of malware count by almost 0.05 units”. On average, the visitors of dodgy sites ran into what amounts to 0.24 of a piece of malware per month.
The higher incidence of malware delivery remained unchanged regardless of whether or not adware was included in the equation. “In short, whether we include total malware count or malware count without adware, we find that time spent on infringing sites increases the malware count by almost 20 percent,” reads the study.
Many sites that provide access to pirated content rely on adverts for revenue. However, this may expose visitors to malicious advertising, or ‘malvertising’, in which ads are conduits for a broad range of cyber-threats.
The paper’s classification of files as either benign or malicious relied on the multiscanner site VirusTotal. The paper notes, however, that its measure of malware “is probably an undercount of the actual number of malware files found on user machines since virustotal is not able to identify all malware signatures”.
Another finding gleaned from the study is the fact that people who visit pirate websites are no more likely to take extra precautions by installing anti-malware software. The installation rate for such software was roughly 60 percent for both groups, which were called "infringers" and "non-infringers" in the study. Meanwhile, the infringers were found to spend much more time browsing the internet in general.
To conduct the research, the users’ home computers were fitted with background sensors that captured their browsing data in a discreet manner. The data shed light on a number of parameters – what websites the users visited, if they had anti-malware software or firewalls installed, whether they downloaded any files from sites that make pirated content available, and whether any evidence of malware intrusion into their systems was found.