The underweb grows ever more slimy, Microsoft says, as downloads of pirated movies, music, software and other media increasingly come bearing malware.
In the latest edition of the Microsoft Security Intelligence Report [PDF], released on Monday, the company tackles unsafe supply chains, which it describes as "the websites, protocols, and other channels by which software and media files are informally distributed, both legally and illegally."
The definition covers underground sites where pirated software and media are openly exchanged, as well as legitimate websites that make shareware or free music files available for public download.
In fact, unsafe supply chains encompass even computers sold at retail.
Last month Microsoft put out a white paper [PDF] in which it revealed that four of 20 brand-new computers bought in China contained malware right out of the box.
For these regularly issued reports, Microsoft crunches data from PCs that run its anti-malware products and have opted in to sending data to the company.
Part of what the company is seeing on those reporting PCs boils down to malware samples that share the same names as files known to be distributed on file-sharing networks. Microsoft calls this attackers' "time-honored tactic" of hiding malware behind the supposedly safe name of a trusted product.
Microsoft also says malware families strongly associated with file-sharing distribution, such as Win32/Keygen, Win32/Pameseg, and Win32/Gendows, were found on 16.8 percent of computers reporting detections in the first quarter of 2012.
That number increased to 17.2 percent of reporting computers in the second quarter.
From the security report:
Installing pirated software bears significant risks. In many cases, the distributed packages contain malware alongside (or instead of) the pirated software, which takes advantage of the download and install process to infect the computers of users who download the bundles. More than 76 percent of computers reporting Keygen detections [during the first half of 2012] also reported detections of other threat families, which is 10 percent higher than the average co-infection rate for other families.
The most commonly reported threat family, showing up in 98 percent of the 105 countries or regions covered by Microsoft's report, was Win32/Keygen, a marker for tools that generate product keys that allow software to be used illegally.
Microsoft says that Keygen is strongly associated with unsecure file distribution.
In fact, the presence of Keygen is something of a red flag pointing to file distribution and the malware that so often piggybacks onto the files being distributed.
Microsoft also found Keygen tagging along with this list of wildly popular software downloads, including games, Photoshop and AutoCAD:
- Windows Loader.exe
- SonyVegasPro Patch.exe
- Nero Multimedia Suite 10 - Keygen.exe
- Guitar Pro v6.0.7+Soundbanks+Keygen(Registered) [ kk ].rar
- Half Life CDkeygen.exe
Of course, downloading illegal media in itself doesn't mean a PC will be infected. Nor is the presence of Keygen proof positive that a PC has been attacked.
And Microsoft, obviously, being a software vendor, has reasons to scare the pants off any pirates who want free versions of its products.
But Microsoft does seem to have data on its side, given the high correlation rate it cites between Keygen, for example, and other threats.
Beyond that, attackers are targeting more than pirated material. They're hitching a ride with freely distributed software as well.
For example, Microsoft's Malware Protection Center has recently seen 35 separate threat families being distributed with the filename install_adobeflash.exe, purporting to be an installation package for the freely distributed Adobe Flash Player.
Beyond attaching themselves to popular software, threat families are also crawling onto downloads of top movies and songs.
Getting nailed with malware glued onto either pirated media or legal shareware is nothing new, of course.
In a nutshell, be careful.
Getting something for nothing can lead you to getting something you didn't count on.
Take a look at Microsoft's report for a host of tips on staying safe.