The chance of infection by malware from counterfeit software is three in 10 for businesses, and one in three for consumers, according to a new study commissioned by Microsoft and conducted by research firm IDC.
Police prevented from chasing cyber criminals from outside Europe European Parliament votes to keep anti-piracy law decision out of top judges’ hands Antigua seeks WTO permission to host piracy website
The research also found that enterprises spend $114bn (£75bn) dealing with the resulting malware-induced cyber-attacks.
The study, which is part of Microsoft's Play it Safe Campaign, analysed 270 websites and peer-to-peer (P2P) networks, 108 software downloads and 155 CDs or DVDs. It also took into account interviews with 2,077 consumers and 258 IT managers or CIOs in the UK, US, China, India, Brazil, Germany, Russia, Mexico, Poland and Thailand.
Researchers found that nearly half (45 per cent) of counterfeit software comes from the internet, and that 78 per cent of this downloaded software from websites or P2P networks included some type of spyware, while 36 per cent contained Trojans and ad-ware.
In an interview with Computing, Microsoft general manager of worldwide anti-piracy Dinis Couto said that a lot of counterfeit is touted as "genuine software with a discount" of 10 to 20 per cent, adding that the malware that often lurks within it can lead to identity fraud, credit card information theft, data loss and other security problems.
Michala Wardell, anti-piracy and IP manager for Microsoft UK, added that software that needed a key in order to be activated could be downloaded malware-free but then the key itself might contain some form of malware.
"What we are seeing is that this is not happening by accident, we have many cases of organised criminals using counterfeit software to fund other types of crime," Couto explained.
Couto claimed that a case documented in the Wall Street Journal showed proof of this, where an investigation by the FBI that was supported by Microsoft's digital crimes unit found a drug cartel in Mexico that was using software piracy to fund its other criminal activities.
Wardell said that the trend of bring your own device (BYOD) is a significant issue as consumers are more likely to download counterfeit content onto their own devices and bring these into work. This means that once the device is connected to the network it leaves the network susceptible to attack.
Couto admitted that Microsoft 365 meant that the firm had to cope with new challenges because of the cloud.
"The fact we are moving to cloud services does not mean it is a piracy-free world. IP theft is just different and will continue to be an issue. For example, when you move services to the cloud it is no longer people copying the software but instead users will use a fake ID and stolen credit card details to subscribe to the service," he said.
"We have to act in a similar way to online retailers like Amazon in that they need to have a strong look at fraud," he added.
Couto warned that by gaining profit from selling counterfeit software, criminals then exploit users further by implementing malware and committing identity fraud. Thereafter, credit card details could also be used as a means of gaining more money, and eventually the amount of funding a criminal group may raise will enable them to launch cyber-attacks on a national scale, perhaps the kind that will affect utility companies - and thereby affect the countries' critical national infrastructure.
