The European Union Intellectual Property Office has carried out a study to provide an overview of the most up-to-date examples of malware and potentially unwanted programs (PUPs) found on suspected copyright-infringing websites.
In relation to website identification, one interesting finding is that the overwhelming majority of the websites are hosted in the United States or have domain names linked to hosting there. By contrast, only a few are located on servers within the EU. Furthermore, .com and .net are the most frequent top-level domain names used on suspected copyright-infringing websites.
The binary samples of malware and PUPs that were collected revealed a few general business models: ‘useful’ programs claiming to clean up old files on a user’s computer in return for a paid subscription; game installation simulators that require the user’s personal data; and free programs offering access to platforms that distribute pirated content, such as through a BitTorrent tracker.
The conclusion drawn was that the threat landscape for malware distributed via copyright-infringing websites is more sophisticated than it might appear at first glance. Most of the collected malware can be characterised as Trojans, meaning that it might be presented on the websites as benign, commonly used or popular software, while in reality it can steal or disclose private information. The impact of having this software installed on an end-user’s computer might be considerable, causing not only financial losses, but also theft of personal data and other risks of unwanted access and control. These activities may be expected to result in the gathering of personal information and its transmission to third parties in encrypted or plain-text format. Such data might consist of, for example, bank account credentials from the browser, details of the computer hardware/software configuration, or basically anything typed on the keyboard.