Criminals Rake In $70 Million By Spreading Malware
This post is also available in: 
עברית (Hebrew)
Criminals are earning around $70 million a year by installing malware on users’ devices, a new study RiskIQ study reveals.
The “Digital Bait” study, commissioned by the Digital Citizens Alliance (DCA), analysed 800 websites dedicated to the illicit distribution of TV shows and content. On RiskIQ’s analysis, a third of the sampled websites contained malware, 45% of which could be installed by a method known as “drive-by-download.” In this scenario, a user wouldn’t even be aware that malicious code has infiltrated their device.
“It’s clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information,” executive director of DCA Tom Galvin said in a statement.
With the malware installed, those responsible are able to steal banking credentials, identify and pilfer private information, lock a computer and demand a ransom, or even perform acts of fraud through the affected computer, thus effectively framing the unsuspecting user.
Such content infringing websites are 28 times more likely to contain malware than their straight-laced brethren.
“By dangling such content as bait, criminals lure in unsuspecting users and infect their computers,” the study said. “In doing so, these criminals are exploiting a lack of understanding and awareness among users about the risks visiting shady websites can pose.”
Drive-by-downloads have been affecting illicit websites at a disproportionate rate, partly, due to advertisers’ reluctance to engage with these platforms. While most of the ads served by Google and the like undergo a vetting process, and are promptly removed if they infringe in the service’s terms and conditions, even they have been exploited to distribute malware to unsuspecting users.
Websites operating in a grey area of the law generally resort to giving space to less than savoury advertising agencies, who for the most part have none of the vetting procedures, nor the inclination to protect users, that more established agencies have.
