Report: Pirated downloads at work big source of malware

Posted 28 December 2015 19:46 CET by Jan Willem Aldershoff

Research conducted by security company Bitsight amongst its 30,700 customers found that in almost 25% of those companies people download pirated content. Of the downloaded software, 39% of the games and 43% of the applications contained malware. The research doesn’t distinguish between employees who knowingly download and those who are unwillingly part of a botnet.


According to the report, the industries where most files are shared are education and tourism. Government is third, which is alarming since that industry should set a good example and usually deals with sensitive data of citizens. People in finance download the least: only 12.5% of the employees share files.

The most popular pirated game amongst Bitsight customers is Grand Theft Auto V while the most downloaded pirated application is Adobe Photoshop.

 



Xercus
MyCE Senior Member
Posted on: 28 Dec 15 20:16
You know, it does not surprise me at all.

I do check these archives out from time to time as I used to be a part of it years ago (probably before most of today's participants were born)... I check the PE structure of the files and unpack any packers even installers. Even in true scene releases I do find 'oddities' from time to time and looking into it I notice they go to an IRC channel or to another IP/DNS address... I call them 'sleeping beauties' as they go unnoticed for months...
That is me... With my knowledge... Drilling down until there is no more drilling down to do, then I use a virtual machine which is part of a trilogy (one master from which two identical clones run none of them with internet access as M$ could contaminate the result).
It is hard to hide when I compare registries and files with the clone which has not had the install.

There is a humongous difference to my way of working and the common man...
People do not even check if it is the proper scene release (you know the drill, zip-archives containing rar-archives, .nfo and .diz) for starters and so they are in reality downloading what is commonly known as web-shit within scene circles.
Then they fail in hash-checking (crc/md5 etc.) and actually checking what packer is used for keygens and unpack it... and if there is a dangerous payload dropped by any of the files and so on since they entirely lack the knowledge...

The scene can not really be trusted any more either as they have been caught cashing in short-sighted by installing programs which call back once a day and can be used for bringing a website down (it is more to it than the challenge of reverse engineering the impossible these days...)
0 Agree
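
The clone comparison described in the post above, sketched for the file side only (the registry comparison is left out), as an added example that is not part of the original thread. The directory trees, file names and contents are constructed stand-ins for the clean clone and the clone that received the install.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[os.path.relpath(full, root)] = digest.hexdigest()
    return result

def diff_snapshots(clean, installed):
    """Report what the install added, changed or removed relative to the clean clone."""
    common = set(clean) & set(installed)
    return {
        "added": sorted(set(installed) - set(clean)),
        "changed": sorted(p for p in common if clean[p] != installed[p]),
        "removed": sorted(set(clean) - set(installed)),
    }

def demo():
    """Constructed sample: two small trees standing in for the two clones."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as inst:
        for root in (clean, inst):
            os.makedirs(os.path.join(root, "system"))
            with open(os.path.join(root, "system", "hosts"), "w") as fh:
                fh.write("127.0.0.1 localhost\n")
            with open(os.path.join(root, "readme.txt"), "w") as fh:
                fh.write("baseline\n")
        # Constructed changes applied to the "installed" clone only.
        with open(os.path.join(inst, "system", "hosts"), "a") as fh:
            fh.write("203.0.113.5 updates.example\n")
        with open(os.path.join(inst, "system", "dropped.bin"), "wb") as fh:
            fh.write(b"constructed placeholder bytes")
        os.remove(os.path.join(inst, "readme.txt"))
        return diff_snapshots(snapshot(clean), snapshot(inst))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Hashing file contents rather than comparing sizes or timestamps is what catches a modified file that kept its original name and length.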

coolcolors
MyCE Resident
Posted on: 28 Dec 15 22:07
Quote:
Originally Posted by Xercus
You know, it does not surprise me at all.

I do check these archives out from time to time as I used to be a part of it years ago (probably before most of today's participants were born)... I check the PE structure of the files and unpack any packers even installers.
Same here....
0 Agree

TSJnachos117
MyCE Resident
Posted on: 28 Dec 15 23:31
I guess that explains the computer "security" breach in the US Office of Personal Management. That, and insecure configurations, out-of-date software, a sad lack of encryption, and the availability of much data about too many individuals.

I do have to wonder: why even bother illegally downloading software when there are usually several $0 programs that do the same thing? The hell with Photoshop, we have GIMP. Forget MS Office, we have OpenOffice and Libre Office. It does make sense to want to illegally download games, since there aren't that many $0 games that aren't cheesy freemium smart phone apps with unoriginal premises and lots of nags for in-game-purchases, but anything else you could want will likely have a gratis alternative.
-1 Agree

alan1476
Administrator, Software Editor and Head of Promotions
Posted on: 29 Dec 15 00:42
Just buy the software, it's easier than reformatting your hard drive.
0 Agree

Xercus
MyCE Senior Member
Posted on: 29 Dec 15 22:29
Quote:
Originally Posted by alan1476
Just buy the software, it's easier than reformatting your hard drive.
Only too true in the private sphere.
However, in a corporate setting policies are at play and so your PC could get reset during the night as your home directory on the server holds your documents and Microsoft Exchange has your mail which is linked to your user account and so on.

In a larger setting, I would strive for control as to what goes on in my network compared to accepted and unaccepted programs installed on the PCs and other policies. I would of course deny the install privilege and thus avoid most of the challenge here, but there are ways around it even in a corporate network...

All in all, we are talking people here and they have dreams and wishes, maybe even half an hour to have a nice game of GTA... Damn that corporate policy... How can I go about it?
I am not going to tell you - but they will find out... Whatever you really want, there is only a few miles to go....

So in other words, if you enforce VPN when outside, keep everything on the server and only a local client-cache combined with the correct security settings for each employee, resetting a PC is no big deal as you sync before doing the reset.

Still they dream and tomorrow is a new day where they will fight back - yet another time... Heck, they are only people and I enjoy their fumbling steps as they make me smarter, I am lightyears ahead and what they in reality contribute to is more secure networks in the future

That is why they do try as hard as they can to compromise corporate security.

If you are an administrator not enjoying the fight, I'll let you in on a secret... Sure, we can get them out, but if we do, we will only contribute to removing creativity from our corporation... Do we really want to do that? Does it serve us for the better? Think about it... We have the edge - It's our job, they only use the technology available to them with no real understanding...
0 Agree

Xercus
MyCE Senior Member
Posted on: 30 Dec 15 15:31
I thought I should clarify my post above a little.

Most hacking comes from the inside and not from the outside of the gateway. I differentiate between malicious hacking and human behavior, very much so.
True hacking attempts trying to elevate rights (copying cards to gain access to parts of the building where the employee has no business) and other deliberate malicious activities originating on the inside will be investigated to catch the one responsible and get him fired.

A game download is no deliberate malicious activity, it is just human behavior and in all fairness, it is fun you know. The employee typically sees it that way as well and hence "Damn that (meaningless) corporate policy...". In other words, he does not want to do any harm, he just wants to have a go... and a creative person is creative wherever he is

Before you all go "what the... He should damn well do company business" I'll tell you a little introduction as to why I voice this opinion.
Years ago, I was battling an employee who I am sure played games for an hour each day. This guy was a "turbo" salesman the best in the company at the time. A really creative user in the network too, way above average I must add, but naturally, I managed to tie down the security on his computer and user account so he was unable to play shit.

Now, as it turned out, it was a short-sighted egocentric move seen only from the IT-security point of view. During the next three months, his 'drive' and contribution sank down to average. I feared there was a connection and so I invited him for a beer. During the evening and as the beers went down, I came to understand that much of his 'drive' positive attitude and inspiration came from playing games.. I also understood that he spent way too much time figuring out how to be able to play games again and outsmart the IT department (how sweet)

Long story short... Whatever works, I spoke to the CEO and got a good go for my 'research project' - went to work on Sunday and lifted his security. Patched the network and raised the security level for his access to the company network to the highest possible which was not usual at the time.
Then came Monday and sure enough before 9:00AM I noticed he had a game installed (in other words, I did let him win the fight unknowingly and I guess he was ever so proud with his achievement).
The next month, the employee once more was the "turbo" salesman we knew. It goes to show that IT is more than just technology, it is also management of human resources for the better for all.
During my three years with the company, we silently registered several games without his knowledge as we have to - The employees do not think in those terms, that's all. Now what if I tell you that those registrations were some of the best investments?

We are together on an average eight hours a day and for any employee, it is important that they enjoy staying with the company while contributing, they usually contribute more then. If not.... Out!

Malware is unavoidable in any and all networks, but if you do not mind, I would like to isolate the subject as it is imo not really games that pose the biggest risk, it is the internet and in fact, the part we can not live without is worst... Social media. So please, let us not 'jazz up' the games part.

As I write above, their fumbling attempts in trying to fool the IT department only contribute to building more secure networks in the future. Speaking for myself, I know the technology months/years before any user tries to use it in my network, but be aware, I do check your contribution as well. If that is good, I am a candidate to let you 'win' the fight as I am way wiser than I used to be, recognizing you to be a human being just like myself and not only an employee number.

... and that is no two cents, that is millions of dollars in the fountain...
0 Agree

alan1476
Administrator, Software Editor and Head of Promotions
Posted on: 30 Dec 15 15:40
I think I have a new Avatar for you.
0 Agree

Xercus
MyCE Senior Member
Posted on: 30 Dec 15 16:34
Quote:
Originally Posted by alan1476
I think I have a new Avatar for you.
http://club.myce.com/attachments/f94...ware-anony.jpg
muhahahahaha!
I am watching you, but you do not see me I am the man in the middle, the unavoidable one so run, you can never hide
0 Agree
