A couple of vendors have been talking about how prevalent malware is in online porn these days, but during our testing of HoneyPoint Wasp, we found pirated software (or “warez”) to be among the most concerning. Pornography is still a dangerous segment for infection, but it seems that grabbing so called “cracks” and “keygens”, along with pirated programs from the web and peer to peer networks is even more dangerous.
In our testing, it took us around 1/8 of the time to find infected warez that it took to find infected pornographic sites. In fact, our estimates are that less than 10% of the pornography files we tested (excluding “codecs”, obvious Trojan Horses) were infected, while nearly 90% of the cracking and keygen tools were, in fact, malware. In many cases, the warez would appear to work, but contained a background dropper that would install one or more pieces of adware, spyware or other malicious software. Even worse, in a clear majority of our testing cases, several of these malicious programs were missed by the consumer-grade anti-virus applications we had installed on the test bed. We used the white listing capability of HoneyPoint Wasp as the control and indeed identified a large number of malicious programs that traditional AV missed.
The key point of this topic though, is that pirated software remains a significant threat to businesses without proper license controls. Particularly, small and mid-size businesses where piracy often runs rampant, present a very wide target for attackers. Good policies against pirated software, user awareness and the use of license enforcement/asset inventory tools are useful controls in ramping up protection against this attack vector.
How has your organization fared against pirated software? What controls do you have in place to reduce both the legal liability and the malware threat that warez represents?