Today is Safer Internet Day, a global awareness campaign to educate the public on all sorts of threats that people face online.
It is a laudable initiative supported by the Industry Trust for IP Awareness which, together with the children’s charity Into Film, has released an informative video and associated course materials.
The organizations have created a British version of an animation previously released as part of the Australian “Price of Piracy” campaign. While the video includes an informative description of the various types of malware, there appears to be a secondary agenda.
Strangely enough, the video itself contains no advice on how to avoid malware at all, other than to avoid pirate sites. In that sense, it looks more like an indirect anti-piracy ad.
While there’s no denying that kids might run into malware if they randomly click on pirate site ads, this problem is certainly not exclusive to these sites. Email and social media are frequently used to link to malware too, and YouTube comments can pose the same risk. The problem is everywhere.
What really caught our eye, however, is the statement that pirate sites are the most used propagation method for malware. “Did you know, the number one way we infect your device is via illegal pirate sites,” an animated piece of malware claims in the video.
Forget about email attachments, spam links, compromised servers, or even network attacks. Pirate sites are the number one spot through which malware spreads. According to the video at least. But where do they get this knowledge?
When we asked the Industry Trust for IP Awareness for further details, the organization checked with their Australian colleagues, who pointed us to a working paper (pdf) from 2014. This paper includes the following line: “Illegal streaming websites are now the number one propagation mechanism for malicious software as 97% of them contain malware.”
Unfortunately, there’s a lot wrong with this claim.
Through another citation, the 97% figure points to this unpublished study of which only the highlights were shared. This “malware” research looked at the prevalence of malware and other unwanted software linked to pirate sites. Not just streaming sites as the other paper said, but let’s ignore that last bit.
What the study actually found is that of the 30 researched pirate sites, “90% contained malware or other ‘Potentially Unwanted Programmes’.” Note that this is not the earlier mentioned 97%, and that this broad category not only includes malware but also popup ads, which were most popular. This means that the percentage of actual malware on these sites can be anywhere from 0.1% to 90%.
Importantly, none of the malware found in this research was installed without an action performed by the user, such as clicking on a flashy download button or installing a mysterious .exe file.
Aside from clearly erroneous references, the more worrying issue is that even the original incorrect statement that “97% of all pirate sites contain malware” provides no evidence for the claim in the video that pirate sites are “the number one way” through which malware spreads.
Even if 100% of all pirate sites link to malware, that’s no proof that it’s the most used propagation method.
The malware issue has been a popular talking point for a while, but after searching for answers for days, we couldn’t find a grain of evidence. There are a lot of malware propagation methods, including email, which traditionally is a very popular choice.
Even more confusingly, the same paper that was cited as a source for the pirate site malware claim notes that 80% of all web-based malware is hosted on “innocent” but compromised websites.
As the provided evidence gave no answers, we asked the experts to chime in. Luckily, security company Malwarebytes was willing to share its assessment. As leaders in the anti-malware industry, they should know better than researchers who have their numbers and terminology mixed up.
“These days, most common infections come from malicious spam campaigns and drive-by exploit attacks,” Adam Kujawa, Director of Malware Intelligence at Malwarebytes informs us.
“Torrent sites are still frequently used by criminals to host malware disguised as something the user wants, like an application, movie, etc. However they are really only a threat to people who use torrent sites regularly and those people have likely learned how to avoid malicious torrents,” he adds.
In other words, most people who regularly visit pirate sites know how to avoid these dangers. That doesn’t mean that they are not a threat to unsuspecting kids who visit them for the first time of course.
“Now, if users who were not familiar with torrent and pirate sites started using these services, there is a high probability that they could encounter some kind of malware. However, many of these sites have user review processes to let other users know if a particular torrent or download is likely malicious.
“So, unless a user is completely new to this process and ignores all the warning signs, they could walk away from a pirate site without getting infected,” Kujawa says.
Overall, the experts at Malwarebytes see no evidence for the claim that pirate sites are the number one propagation method for malware.
“So in summary, I don’t think the claim that ‘pirate sites’ are the number one way to infect users is accurate at all,” Kujawa concludes.
While it’s always a good idea to avoid places that can have a high prevalence of malware, including pirate sites, the claims in the video are not backed up by real evidence. There are tens of thousands of non-pirate sites that pose similar or worse risks, so it’s always a good idea to have anti-malware and virus software installed.
The organizations and people involved in the British “Meet the Malwares” video might not have been aware of the doubtful claims, but it’s unfortunate that they didn’t opt for a broader campaign instead of the focused anti-piracy message.
Finally, since it’s still Safer Internet Day, we encourage kids to take a close look at the various guides on how to avoid “fake news” while engaging in critical thinking.