The link between online piracy and malware is far from new. More than two decades ago, LimeWire users were already plagued by malicious software masquerading as music downloads.
Today’s online landscape continues to face similar issues, if not worse. With more attack vectors and potential victims than ever before, security risks are front and center.
Even if operators of pirate sites and services are not actively looking for trouble, the third-party ads on their sites can easily cause havoc. This makes online pirates a key target for cyber threats.
Report: Pirate Sites & Cyber Threats
A new report released this week, commissioned by the Motion Picture Association’s anti-piracy arm ACE, quantifies the risk for users of popular pirate sites in Southeast Asia. Written by Dr. Paul Watters of Macquarie University, it examines cyber threat detections on websites in Malaysia, Indonesia, Thailand, Vietnam, and Singapore.
Consumer Risk from Piracy in Southeast Asia (pdf) is part of a series, which previously covered other countries such as the Philippines and Poland.
The report looks at the 30 most popular sites in each country, split into various content categories such as P2P, IPTV, streaming and anime sites. It also includes piracy-themed scam sites, which do not provide any content themselves but are designed to attract pirates, often for credit card scams.
The final sample includes 1,200 websites that were tested for problematic content using VirusTotal. The results were then compared to a control sample of legal streaming services in the same regions.
It shouldn’t come as a surprise that the ‘pirate’ sites were much riskier than legal streaming platforms. P2P sites performed the worst with an average total of 53.2 threat detections per 30 sites per country, followed by scam sites (44.8) and pirate streaming services (35.6).
Manga sites were the most ‘safe’ according to the report, with an average of 10.6 detections per 30 sites per country.
Key Findings Deserve Nuance
For its ‘Key Findings’ the report zooms in on the worst result combination of category and country, which explains the higher relative risks shown in the image below. The 65x multiplier for the P2P category, for example, refers to Indonesia.
Key Findings
We have no reason to doubt these results; our recent reporting has indicated several high-profile threats associated with pirate sites, some of which may not even be picked up by simple VirusTotal scans.
That said, the ‘relative risk’ terminology can be confusing. After all, most legal streaming sites have no malware threats, so what does it mean when P2P sites have a relative risk of 65 in Indonesia?
It basically means there were a total of 65 threat detections for the 30 sites in the P2P category in Indonesia. Similarly, there were 52 detections for the 30 pirate streaming sites in Malaysia, et cetera. This includes the sites with lower or no threats at all.
In theory, it could be that one site is responsible for all detections in a category, with the other 29 being clean. Those details are not specified, however.
Detections (worst-case) per category in Indonesia
The report notes that the “extraordinary” findings “dwarf the baseline,” which consists of legal streaming sites that often have zero threats. Instead of zero as a comparison base, the report uses a pseudo count of one, concluding that the risk is 65 times higher.
“When we normalize these findings against the Top 30 mainstream control sites to compute Relative Risk, the elevation is extraordinary: worst-case RRs for Streaming piracy (e.g. 52.00 in Malaysia), P2P (65.00 in Indonesia), and Scam (49.00 in Thailand) dwarf the control baseline,” the report reads.
For those who are still following along, the “relative risk” is essentially the same as the number of detections in pretty much all examples, as the baseline is 1. So people are 65 times more likely to…?
65 Times More Likely to be Infected by Malware?
We agree with the report in the sense that malware and other cyber threats are relatively prevalent on pirate sites. However, results like these should be interpreted by others with caution.
ACE, which commissioned the research, draws a conclusion that, while approved by the report’s author, may be a bit too broad based on what the study reports.
“[T]he study revealed that in the worst case, local consumers are up to 65 times more likely to be infected with malware when using piracy sites as compared to legitimate websites,” the group wrote (emphasis added).
From ACE’s press release
ACE uses the “key finding” figure from the worst-case scenario in the most problematic category and country, P2P sites in Indonesia. The average number of threats for 30 sites across all countries and categories is closer to 28 detections.
More problematic is the “infected with malware” phrase. This isn’t a correct representation of the findings, as malware is only a subset of the detected cyber threats. These also include phishing, suspicious content, spam, and potentially unwanted software.
Not All Malware
Needless to say, an unclassified popup advertisement is not the same as a malware infection. In fact, even when it comes to malware, the report only lists detected problems, not actual malware infections.
Unfortunately, however, the “infected by malware” headline was picked up broadly in the press.
Automated Blocking Recommended
This problem shouldn’t boil down to how many times more likely pirates are to be infected by malware. The details and severity of the threats are key. There is no doubt that a subset of pirate sites is posing a problem, and that may even be more severe than the report’s abstract figures suggest.
The bigger question is what to do with this information, and the report provides some pointers there as well.
On top of awareness campaigns and strengthened law enforcement, intelligence-driven site-blocking is offered as a solution. These automated blocking powers should be in addition to those authorized by various courts.
“Southeast Asian regulators should mandate that ISPs consume real-time feeds from national CERTs and aggregated threat-intelligence sources (e.g. VirusTotal) to automatically sinkhole or filter newly identified high-risk domains across Streaming piracy, Anime, Streaming Sports, P2P, IPTV, Manga and Scam categories.”
While many rights holders will support this suggestion, it may require some fine-tuning. After all, the report also detected several cyber threats on legitimate streaming platforms in Vietnam.
From: TF, for the latest news on copyright battles, piracy and more.
NXP Semiconductors will einen Teil seiner Sensor-Sparte loswerden. Der Käufer STMicro hat zuvor einen ersten Quartalsverlust gemeldet. (STMicroelectronics, Wirtschaft) 
Vodafone probiert erstmals offiziell den neuen Kabelnetzstandard Docsis 4.0 aus. Wir haben mit dem Leiter Network Development gesprochen - auch über Technikeinsatz über 5G hinaus. (
Der Nasa steht ein gravierender Stellenabbau bevor. Fachleute warnen vor Sicherheitsrisiken - vor allem bei überstürzten Einschnitten. (
Als CTO hat man meist Arbeit bis zum Abwinken, aber trotzdem das Gefühl, dass es nicht vorangeht. Was ich tue, um meine Rolle mit sinnvoller Arbeit zu füllen. Ein Erfahrungsbericht von Mathias Meyer (
Der E-Cadillac Vistiq soll nach Luxus aussehen, vor allem aber ist er riesig. Wer den Escalade in Europa wohl fahren will? Ein Bericht von Fabian Mechtel (
Vom Forschungszentrum bis zur Rentenversicherung: Bei diesen Stellen unterstützen IT-Fachkräfte zentrale Systeme, koordinieren Projekte und gestalten den digitalen Wandel aktiv mit. (
Ansible hilft, IT-Prozesse zu automatisieren, von der Systemkonfiguration bis zur Verwaltung. Wie Ansible zur Effizienzsteigerung in der Systemadministration beiträgt. (
You must be logged in to post a comment.