Security firm warns of malware risks in pirated software

5 Apr 2012

Internet users have been warned against downloading illegal versions of software because many cracked programs carry a malicious payload designed to infect computers.

The warning follows a survey released yesterday which found that 67pc of Irish people say they use legitimate software – either paid applications or free, open-source programmes. That figure suggests that up to 33pc could be using pirated software, which is available on peer-to-peer networks.

Security software company ESET Ireland commissioned Amárach research to poll more than 1,000 people across Ireland about their software use. The survey found 15pc of respondents did not know if their software is pirated.

Almost one in 10 (9pc) said they used pirated programmes, such as a cracked version of Adobe Photoshop, while 6pc use pirated antivirus software and 5pc use pirated games. The figures don’t indicate whether the same people answered yes to multiple questions about using cracked software.

Explaining why a security provider like ESET is interested in software piracy rates, the company’s IT security and cybercrime analyst Urban Schrott said it’s because paid software made available for free online is often used as a way to spread malware.

“The majority of cracked software comes as a package of some sorts and the malware can be part of the de-packer, the cracked .exe itself or as some process within the programme,” he told Siliconrepublic.com.

“Also, many ‘free software’ websites themselves are hosted by shady companies and will try to infect you with drive-by malware anywhere in the process of finding and downloading the cracked software from their site.”

‘Don’t download illegal stuff’

Asked what advice he would give to people who may be tempted by getting software without having to pay for it, Schrott warned: “Don’t download illegal stuff. It’s not given to you for free by someone nice, because they like you and want to give you something for free, but by someone with a malicious intent, because they want to make money for themselves using the free stuff as bait.”

The connection between pirated software and malicious tools has been known anecdotally in security circles for some time, but data has been difficult to obtain. Last year, the prominent security blogger Brian Krebs published information from antivirus company Immunet which found a high probability that cracked software available on file-sharing networks was responsible for spreading malware.

Krebs wrote at the time: “…downloading pirated software and software cracks is among the fastest and likeliest ways to infect your computer with something that ultimately hands control over of your PC to someone else”.

ESET’s research provided a further statistical breakdown of results, showing that legitimate software use is lowest among the 25-34 age group at just 51pc, whereas 83pc of people over 55 don’t use anything pirated.

Nine out of 10 Dublin residents know what software they use, with only 10pc claiming they don’t, while in Munster 19pc answered they don’t know whether their software is pirated. Use of cracked software is almost twice as high among men (12pc) than women (7pc), the research found.

The survey was anonymous, and ESET said this would suggest that people answered truthfully. “The vast majority being users of legal software is good news. The availability of free, open-source software also makes things easier for many users. But the combined percentage of people using pirated software is still a concern, as is the high number of people that just don’t know if their software is legit,” said Schrott.

If the 67pc figure is accurate, it suggests that up to 33pc of the population could be using pirated software – a level that remains consistent with figures from 2009 which were reported by the Business Software Alliance.

Then, the piracy watchdog reported rates of 34pc illegal software use in Ireland, and the ESET research appears to indicate that little has changed in the meantime.

Gordon Smith was a contributor to Silicon Republic

editorial@siliconrepublic.com