Malicious Ads Proliferate on Pirate Sites

May 15, 2014

Earlier today, the Senate Homeland Security & Government Affairs Permanent Subcommittee on Investigations held a hearing on the rising threat that consumers face from online advertising and its hidden hazards. Considering how many people have had their identities stolen, their computers infected by viruses and malware, or run into a plague of pop-up ads, this hearing and its 43-page investigative report were both very timely.

The report, commissioned by Subcommittee Chairman Carl Levin (D-MI) and Ranking Member John McCain (R-AZ), noted, “the growth of online advertising has brought with it a rise in cybercriminals attempting to seek out and exploit weaknesses in the ecosystem and locate new potential victims.”  It added, “some estimates state that malvertising has increased over 200% in 2013 to over 209,000 incidents generating over 12.4 billion malicious ad impressions.”

As the Senators consider steps to address the safety and security of online advertisements, we hope they will also examine the extensive growth of these hazards on sites that offer infringing movies, television shows and other creative content.

Just last month, a report prepared by Intelligent Content Protection (Incopro) in the United Kingdom looked at the 30 most visited pirate websites to determine the extent of malware or credit card scams on these sites. The investigators found 27 of them contained malware and other “potentially unwanted programs” most commonly triggered when a user pressed a “play” button on the screen thinking it would let them watch the content they were after. The most common type were those pop-up ads that are not only annoying, but when clicked, install other types of malware onto a system.  There were also numerous “rootkits” which fully expose a user’s data to cybercriminals and lets them use their computers to secretly send spam or mount other cyber-attacks.  In addition to the malware, two-thirds of these websites had some form of credit card fraud designed to get visitors to disclose their credit card and personal information in order to access the pirated content.

The Industry Trust for Intellectual Property Awareness published a survey along with this report, which questioned over 4,000 people in the UK who had visited pirate sites.  77% said that they had downloaded some kind of malware because of pirate websites.  In Singapore, a team at the University of Ballarat’s Internet Commerce Security Laboratory analyzed 10,000 advertisements on 5,000 web pages on pirate sites and found that 90% of them are “high risk”, containing malware and scams among other things.  Similar studies were conducted by these researchers in Canada and Australia, finding that for advertisements on rogue websites, 99% of those in Australia were high risk with 46% of all of them containing malware; and in Canada 89% were high risk with 43.6% containing malware.

As the Subcommittee considers steps to address the safety and security of online advertisements, we urge the members to examine these reports and others which detail the numerous hazards on pirate sites.  Unfortunately, these illicit sites continue to attract large numbers of Americans, especially young people who might not be aware of the harms they could easily encounter.