The launch of the BeStreamWise online anti-piracy campaign early October was preceded by action in the ‘real’ world.
After being offered free lifetime subscriptions to a new streaming service from a pop-up stand in London’s Paddington Station, commuters were encouraged to sign up to ‘MalStreams’ using their real personal details.
Shortly after, a ‘scam’ was revealed; MalStreams didn’t exist but participants had been given a valuable lesson in security. Handing over personal and credit card details to strangers can be more dangerous than people think. Handing over financial details for a lifetime of free service suggests that some people don’t even think at all.
Run by Sky, Premier League, FACT, ITV, CrimeStoppers, and the UK Intellectual Property Office, among others, the campaign aims to raise awareness of the potential risks of using illegal streaming services.
Handing over personal and financial information to strangers can have unexpected consequences, as the ‘customers’ of MalStreams quickly discovered. The same applies when people install streaming apps offering premium content for free. Football matches and movies for nothing may sound attractive, the campaign explains, but exposing devices to the risk of malware infection is something few people want.
Further details on malware risks are available on the BeStreamWise website, at least for those able to access it right now.
BeStreamWise.com Blocked For Security Reasons
After being informed that BeStreamWise.com was ‘down’ last evening for no obvious reason, some quick tests revealed a curious situation. The site could be accessed as normal using a VPN but without one it simply wouldn’t load.
Hoping to find out who, if anyone, was blocking the site, a few network tests revealed that requests were being blocked before even escaping the LAN. The culprit was found in one of the routers where for the first time in over a year, a site had triggered blocking measures on non-VPN outbound traffic.
According to the AI protection service supplied by Trend Micro, the domain had been blocked for phishing. A subsequent test on the Trend Micro global portal returned the same result, with the following detail: Fraudulent sites that mimic legitimate sites to gather sensitive information, such as user names and passwords.
Since so-called ‘false positives’ are not unusual, checking with other security vendors can help to shine a light on situations like these. Unfortunately, that failed to clear things up as expected, at least not initially.
Multiple Security Vendors Report Malicious Behavior
Subsequent tests revealed that Avira had also flagged BeStreamWise.com for phishing, CDRF and CyRadar had settled on malicious, while AlphaMountain simply reported suspicious activity.
Thanks to its bold layout, however, URLScan.io quickly provided information that may explain why BeStreamWise was flagged for suspected phishing, which entity it was believed to be masquerading as, and who vendors may have been trying to protect.
Whatever the specific reasons behind the alerts, the above indicates that the BeStreamWise domain faces allegations of impersonating Sky. The broadcaster actually runs the campaign site on its own infrastructure, making foul play unlikely, but whether this largely unadvertised direct connection played a part in these alerts is unknown.
For its part, the BeStreamWise campaign believes there’s little to be concerned about.
“BeStreamWise.com raises awareness of the risks involved in illegal streaming. Given the nature of the topic, we are extremely vigilant over the security of the site. It is functioning normally and we have not detected any issues, but we will continue to investigate,” a spokesperson informs TorrentFreak.
While the campaign doesn’t believe there’s much to worry about, these warnings aren’t new and may even precede the campaign’s official launch.
Domain Flagged Since Before Official Launch
The results of at least five full scans are available on URLScan and potentially more if any scans were designated as private. The oldest scan was carried out on September 28, followed by others on October 7, October 17, and October 19.
All of these scans signaled ‘malicious behavior’ which raises the question of how many people tried to visit BeStreamWise over the past couple of months to learn about malware, only to be blocked from accessing it due to a possible risk of malware.
Bad Labeling, Bad Outcomes
Another potential issue lies with Comodo’s Xcitium Verdict Cloud, which has categorized BeStreamWise.com as a ‘media sharing’ site. This type of mislabeling can have serious knock-on effects, as we’re only too aware.
TorrentFreak has been wrongfully categorized as a media-sharing platform on more than one occasion, which led to readers being prevented from accessing the site via public WiFi services on more than one occasion.
In 2018, Comcast erroneously blocked TorrentFreak for being ‘suspicious’ and in 2013, customers of Sky were unable to access the site after an exploit placed us on the UK’s pirate site blocking list.
So to summarize, watch out for malware but remember that not all reports of malware are accurate. Also be aware that when pirate apps receive a clean bill of health following a malware scan, in a worrying number of more recent cases that can mean absolutely nothing. Not exactly a comfort, but reality nonetheless.
