The risks of obtaining and using pirated software

A study of the prevalence of malicious code and potentially unwanted software in pirated software. This white paper from international market-research firm IDC presents the results of an investigation by IDC into the prevalence of malicious code and unwanted software from Web sites offering counterfeit product keys, pirated software, key generators, or crack tools for Microsoft Windows XP and the Microsoft Office System.

The investigation also examined the presence of malicious code in key generators and crack tools that are available for download from various Web sites and peer-to-peer networks. The intent of the research was to determine the security risks of obtaining and using pirated software.

* 25 percent of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code.
* 11 percent of the key generators and crack tools downloaded from Web sites contained either malicious or potentially unwanted software.
* 59 percent of the key generators and crack tools downloaded from peer-to-peer networks contained either malicious software or potentially unwanted software. A significant amount of malicious or unwanted code was present in the key generators and crack tools.
* The cost of recovering from an incident of malicious software on a single workstation could exceed one thousand dollars (USD). The cost of lost or compromised data could exceed tens of thousands of dollars (USD) per incident. Thus, the cost savings of using pirated software could be eradicated with a single security breach.
* The malicious and unwanted code found is indicative of the shift noted by security professionals in attackers' motivations. Attacks have evolved from hacking for fun to seeking confidential information assets and other malisiouc intent. By offering pirated software, crack tools, and key generators, attackers could lure potential victims.
* There are several methods for obtaining and using counterfeit software, including acquiring counterfeit product keys, obtaining "key generator" programs, and using crack tools to bypass licensing and activation mechanisms. IDC investigated the security risks of visiting the Web sites and peer-to-peer networks that use these methods to distribute counterfeit software.
* Simple Web searches often led to Web sites that offered pirated software, key generators, crack tools, and so on. Furthermore, it was easy to locate key generators and crack tools for Microsoft Windows and the Microsoft Office System.

These findings allowed IDC to conclude that obtaining and using pirated software can pose a serious security threat to organizations and individuals. Read the complete white paper: The risks of obtaining and using pirated software.