A third of pirated movie sites spread malicious software, report says

CBS/AP

You might want to think twice before you try to watch a pirated copy of of the new Star Wars movie online. Aside from the fact that the film will probably be way better on a big screen with surround sound, a new report finds that many websites set up to distribute pirated movies and TV shows spread malicious malware.

Cybersecurity firm RiskIQ probed a sample of 800 piracy websites and found that one in three contain malware that can expose a user to identity theft, financial loss, and hackers taking control of their computer. Internet users who visited piracy sites were 28 times more likely to get malware from so-called torrent sites than from licensed or mainstream media websites.

Almost half the time, the malware was delivered by "drive-by downloads," meaning the malicious software was triggered just by visiting a site -- users did not have to click again or actually download a video to get infected.

Once hackers gain access into a computer, they can steal bank and credit card data or personal information, which can be sold in an underground market. Another tactic some hackers use is to lock a person out of their computer and demand a ransom.

"Users beware. The data from this report shows a much higher incident rate of malvertising and malware delivery in general on torrenting sites. Simply visiting these sites puts the device you use and your personal information at risk from malware, adware and spyware," Elias Manousos, CEO of RiskIQ, said in a press release. "Even more troubling is the ecosystem that has evolved to take advantage and monetize torrent traffic. While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment."

The research report, entitled "Digital Bait," was commissioned by the Digital Citizens Alliance.

Hawking content-driven malware is big business for content thieves who now make an estimated $70 million a year from allowing malware distributors to place malicious code on their websites, according to the report. Malware distributors can then make more money by exploiting their access to hacked computers.

"It's clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information," Tom Galvin, Executive Director of the Digital Citizens Alliance, said in a press release. "It's criminal behavior, and it should be a wake-up call for consumers as well as law enforcement that a new front must open in the battle against cyber criminals and malware peddlers exploiting Internet users."

The research is especially troubling at a time when some 16.2 million U.S. consumers have been victims of identity theft, according to the U.S. Justice Department.

"We can't just throw up our hands and do nothing. Parents must teach their kids that they are junking up their computers by going on content theft sites; Internet safety groups and all responsible players in the Internet ecosystem must ramp up awareness campaigns; and law enforcement must step up its efforts to catch and combat malware peddlers," Galvin said.