In the dark reaches of the Internet are hundreds, if not thousands, of sites that offer users the promise of entertainment content, including TV shows, movies and music, that has been stolen from content authors. While visitors to content theft sites are hoping to get entertainment, they're also getting something they might not be expecting—malware.
A new study sponsored by the Digital Citizens Alliance and conducted by RiskIQ of 800 content theft sites found that a third of those sites are exposing users to malware.
"We're seeing stolen content used as a bait to lure consumers onto Web pages," Tom Galvin, executive director of the Digital Citizens Alliance, told eWEEK. "Content is the bait, and malware delivery is the objective."
The malware is delivered in variety of ways, including links that infect users once they click on them as well as "drive-by" malware infections that require no user interaction.
The drive-by malware that RiskIQ observed was not zero-day exploits. The drive-by issues were all known exploits that vendors had already patched, according to Ross Reynolds, product manager at RiskIQ.
"While they were known exploits, they still have an effective conversion rate," Reynolds told eWEEK. "There are plenty of unpatched systems out there waiting to be exploited."
As it turns out, the placement of malware on content theft sites isn't always just an ad hoc, unstructured approach. There are malware advertising and affiliate networks that content theft sites can plug into, according to Reynolds. RiskIQ researchers were able to infiltrate one such malware advertising organization that claimed to be responsible for 150 million malware installations. The same advertising organization was willing to pay 10 to 20 cents per malware install to content theft sites that participate in their network.
"It's a mature economic model for the content theft sites, with a going rate for goods and services," Reynolds said.
Going a step further, RiskIQ built a financial model to attempt to gauge the revenue potential for content theft Websites from malware distribution. RiskIQ estimates that approximately $70 million a year is being generated by malware distribution from content theft Websites.
Looking at the distribution of malware across different types of sites also provides a solid link to revenue models. There is a difference in malware distribution across gambling, adult-themed and content theft Websites, according to Galvin, adding that on gambling sites, Digital Citizens Alliance's own analysis found little malware.
"That made sense to us as the gambling sites want users to give their credit card information and want users to feel comfortable," Galvin said.
When it comes to adult sites, Galvin said there is a mixed amount of malware depending on the site. While there is more malware on adult sites than gambling sites, it is still less than what Galvin expected. The reason for this, he said, is because for some of those sites, the goal of the site operators is to convert the users to paid subscriptions.
On the content theft sites, there was significantly more malware than either the gambling or adult sites, he said.
"On gambling sites, they want users to spend money; on pornography sites, they also ultimately want users to spend money. But on content theft sites, they're not asking users to spend any money," Galvin said. "You don't really get anything for free in this world and in the end, content thieves are using the lure of stolen content to infect people's computers for their own gain."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.