New research from Carnegie Mellon University reveals that more time spent on pirate sites increases the risk of running into malware. The same effect was not found for other categories, such as social networks, shopping or gambling sites. While the results show an increased threat, it’s doubtful that the absolute numbers will impress hardened pirates.
In recent years copyright holders have been rather concerned with the health of pirates’ computers.
They regularly highlight reports which show that pirate sites are rife with malware and even alert potential pirates-to-be about the dangers of these sites.
The recent “Meet The Malwares” campaign, targeted at small children, went as far as claiming that pirate sites are the number one way through which this malicious software is spread. We debunked this claim, but it’s hard to deny that pirate sites have their downsides.
While the operators of pirate sites are usually unaware, advertisers and malicious uploaders sometimes use their sites to distribute adware or malware. But does that put people at significant risk? Research from Carnegie Mellon University Professor Rahul Telang provides some further insight.
For a year, Telang observed the browsing and other computer habits of 253 people who took part in the Security Behavior Observatory. The results, published in a paper titled “Does Online Piracy make Computers Insecure?” show that there is a link between pirate site visits and malware.
“We find that more visits to infringing sites does lead to more number of malware files being downloaded on user machines. In particular doubling the amount of time spent on infringing sites cause a 20 percent increase in malware count,” Telang writes.
This effect was only visible for pirate sites, and not for other categories such as banking, gambling, gaming, shopping, social networking, and even adult websites.
Through the Security Behavior Observatory, all files on the respondents’ computers were scanned and checked against reports from Virustotal.com. This also includes adware, but even without this category, the results remain intact.
“Even after we classify malware files into adware and remove them from analysis, our results still suggest that there is a 20 percent increase in malware count due to visits to infringing sites. These results are robust to various controls and specifications.”
Interestingly, one would expect that people who frequently visit pirate sites are more likely to have anti-virus software installed. However, this was not the case.
“We also find that users who visit infringing sites do not take any more precautions than other users. In particular, we find no evidence that such users are more likely to install anti-virus software. If anything, we find that infringing users are more risk taking,” the paper reads.
A 20 percent increase in malware sounds dramatic, and while we don’t want to downplay these results or the risks involved, it’s worth highlighting the absolute numbers.
The research estimates that, when someone doubles the amount of traffic spent on a pirate site, this person adds an extra 0.05 of a piece of malware per month, with the average being 0.24. So, most people encounter no malware in a typical month. This means that pirate sites are an increased a risk, but it’s not as extreme as sometimes portrayed.
There is also no evidence that malware is predominantly spread through pirate sites. Looking at the total sample, the average number of malware files found on a pirate’s machine is 1.5, compared to 1.4 for those who never visit any pirate sites at all.
While there’s certainly some risk involved, it’s doubtful that the results will deter many people. Previous research revealed that the majority of all pirates are fully aware of the malware risks, but that they continue nonetheless.