NUS Study across 8 Asian countries finds security risks in 100% of tested websites offering pirated software downloads
A NUS researcher investigating a website that offers pirated software downloads (Photo credit: NUS/ Microsoft)
The National University of Singapore (NUS) Faculty of Engineering released the results of a new study, “Cybersecurity Risks from Non-Genuine Software”. The study was commissioned by Microsoft.
The Asia Pacific commercial market of non-genuine software was estimated to have reached US$19 billion in 2016. The study was aimed at quantifying the link between software piracy and malware infections in the Asia Pacific region. Ninety new laptops and computers as well as 165 software CDs/DVDs with pirated software were analysed. The samples were randomly purchased from vendors that are known to sell pirated software from across eight countries in Asia - Malaysia, Indonesia, Thailand, Vietnam, Sri Lanka, Bangladesh, South Korea, and Philippines.
But today software is increasingly being acquired through online downloads channels. The online medium allows cybercriminals with the ability to attack anybody, anywhere, anytime remotely. It also allows them to easily camouflage their malicious activities. Hence, the researchers also examined 203 copies of pirated software downloaded from the Internet.
Each of these samples was thoroughly investigated for the presence of malware infections using seven anti-malware engines – AVG AntiVirus, BitDefender Total Security, IKARUS anti.virus, Kaspersky Anti-Virus, McAfee Total Protection, Norton Security Standard, and Windows Defender.
The study found that 100% of the websites hosting pirated software download links expose users to multiple security risks, including advertisements with malicious programs. The tested torrent hosting websites opened with multiple popup windows, many of these contain links that download malware when clicked or show objectionable content such as pornography.
Around 34% of the downloaded pirated software was bundled with malware that infect the computer once the download is complete or when the folder containing the pirated software is opened, while 31% of the downloaded pirated software did not complete installation which suggests other motives behind their presence on torrent hosting websites. These misleading torrents could be used to tricked users into downloading malicious programs. Or they are being used to increase the traffic to the torrent hosting sites, which expose the visitor to malware and unwanted advertisements, as mentioned above.
Around 24% of the malicious programs bundled with the pirated software downloads deactivated the anti-malware software running on the computer, so that the downloaded malware could install itself. 18% of these installations prompt users to change default settings on browsers and install add-on toolbars during installation. These changes to the browser settings lead to new home pages and default search engine as well as unwanted toolbars.
12% of these installations required users to contact additional websites to complete the process. These are often presented to the users as steps to obtain license keys or “cracks” needed to activate the pirated software, and they can lead to popups and additional malware exposure.
Out of the 165 DVDs and CDs samples, 61% contained malware. The Infected discs contained an average of five pieces of malicious programs. In the worst case, 38 malware instances were found in just one DVD.
The study also found that 92% of new and unused computers with pirated software installed were pre-infected with malware. The researchers found the presence of malware in these computers highly concerning, as end-users expect these devices to be risk free and hence might be less vigilant in checking for cyber threats and monitoring for suspicious activities.
Trojans comprised 51% of malware found
The study found close to 200 malware strains across the samples. Trojans (malware disguised as legitimate software), spread across a total of 79 unique strains, comprised 51% of all malware found, making them the most common category of high-risk cyber threats. with a total of 79 unique Trojans malware strains. Trojans open the door to all kinds of further attacks. Once a Trojan is active on an infected computer, it installs a backdoor for hackers to access and command the device. This allows cybercriminals to steal confidential information, modify firewall settings, and delete or encrypt data.
A huge range of worms, viruses and droppers (malware designed to "install" some sort of virus, backdoor, etc. to a target system), created for stealing information and taking control of their host computers, were also found. These programs can replicate without human intervention and have the capability to spread rapidly.
The most effective defense against malware from pirated software is to use genuine software products. Associate Professor Biplab Sikdar from the Department of Electrical & Computer Engineering at NUS Faculty of Engineering, who led the study, commented, “The study’s findings all point to the fact that uncontrolled and malicious sources of pirated software, particularly on the Internet, are being converted into effective means of spreading malware infections. And what we would like to achieve with this report is to help users recognise that the personal and business risks and financial costs are always much higher than any perceived costs they save from using non-genuine software.”