Malware Now Major Source of Revenue for Video Content Pirates

Malware from web sites offering illicit access to premium video content now poses a significant risk to consumers as online viewing continues to proliferate, and it has become an important revenue source for the pirates themselves. This has been revealed by several extensive surveys, including two recent reports focusing on the US, from cyber research firm RiskIQ and the Interactive Advertising Bureau.

The good news is that almost two thirds of people who regularly use these so-called content theft sites would refrain from doing so if they were aware of the actual malware risks they were facing. Content owners and OTT service providers therefore have scope for reducing the level of theft by publicizing the results of such surveys.

This would still leave over a fifth of Americans aged 18-29 willing to accept the risks and access content theft sites, according to RiskIQ’s study Digital Bait, commissioned by the Digital Citizens’ Alliance (DCA), given that 53% do so at present. Older people are more wary, though, with around 18% accessing illicit content websites, and this group would most likely be even more prone to being deterred by the threat of malware.

One of RiskIQ’s most striking findings was the high level of malware incidents associated with content theft websites, highlighting how this has become a significant income source for pirates alongside the conventional ones of subscriptions and advertising. In these cases the sites may be distributing malware on behalf of organized criminal gangs and receiving payment for doing so, which averages about 15 US cents per user infected. For content sites this can be an additional income stream or, in some cases, the only source of revenue, avoiding the logistical effort and risk of monetizing the site directly.

RiskIQ analysed 800 web sites known to be dedicated to distribution of pirated movies or TV shows. Their malware distribution behaviour was compared with that of a control group, selected as far as possible to be representative of the legal sites that would be visited by people from similar demographic and cultural backgrounds to those who frequented the 800 theft sites. This control group comprised 100 sites selected from the list of legal online media sites on Where to Watch, which promotes legal alternatives in the US to content theft sites. Then a further 150 sites were selected at random from among the top third, middle third and bottom third of global Alexa-ranked sites, ranging from the top ranked site to the 999,999th ranked site.

On average the 800 theft sites were 28 times more likely to infect visitors with malware than the control sites, with 8 percent and 0.3 percent respectively of user visits resulting in exposure. The survey also found that 33 percent of sites in the content theft group had at least one malware incident over the month in which it collected data, compared with 2 percent for the control group. Some of the theft sites were worse than others, with the top 20 exposing three out of every four visitors to malware.

Another key finding was that some of the malware caught out even more savvy users. About 55 percent of the malware attempted to trap users into responding to false prompts for Flash downloads and anti-virus updates, which tend to catch out only the unwary. But the remaining 45 percent of malware came under the “drive-by download” category, which infects automatically without any action by the user unless there is specific protection in place. Malware downloads can also be instigated by clicking to get rid of an annoying pop-up ad, and this can be a larger, more damaging package because it does not have to creep in by stealth as in a drive-by download.

A lot of malware comes under the broad category of Trojans, software that installs itself without the user’s authorization, whether by stealth or as a result of some action like a click to download. Trojans vary in their sophistication and risk to the user, with the most advanced giving the attacker administrative access to the user’s computer.

This can enable Identity Theft, with prevalent Trojans like Dyre, Zeus, Shylock, and Ramnit already known to have stolen consumer credentials on a large scale. Such Trojans can also enable unauthorized installation of adware, which although less serious is still very obtrusive and affects more users than Identity Theft. They can also collect personal data without the user’s knowledge and are involved in online advert traffic fraud, where brands or agencies are conned into thinking that ads have been viewed by people when they have only been “seen” by malware installed on computers. This has become a major problem according to the US Association of National Advertisers (ANA), which has found that 11 percent of display ads and almost a quarter of video ads were “viewed” by software, not people. According to a recent ANA study, such traffic fraud will have cost US advertisers $6.3 billion in 2015.

Another risk associated with malware, systemic rather than personal, is its scope for recruiting users’ computers into Botnets comprising many machines that can then launch coordinated attacks such as Distributed Denial of Service against specific target web sites. Botnets also threaten individuals by enabling large scale spam and phishing campaigns.

Yet another growing threat associated with malware is Ransomware, in which users’ files are typically encrypted, making them inaccessible, and a ransom is demanded for them to be decrypted. According to RiskIQ, the FBI has reported that $18 million has been paid to ransomware sites over 2015.

Similar findings have been obtained by the Interactive Advertising Bureau in its report “What is an untrustworthy supply chain costing the US digital advertising industry?”, based on feedback from 30 supply-chain companies. This study found that legitimate sites are losing $2.4 billion a year in ad revenue to sites that host infringing content. This is obviously a guesstimate, but is the best available figure based on estimating how many users of these illegal sites would switch to legitimate sites and restore lost ad revenue if the theft sites were closed down.

The message for legitimate sites is that they should combine various measures to combat piracy sites. They should publicize the risks posed by malware associated with such sites and should also highlight sources of legitimate content through web sites such as Where to Watch. Above all they should ensure that premium content is readily available from legitimate sources wherever and whenever users want to watch it, at a price that is competitive and dissuades consumers from taking the risks of prosecution or malware infection associated with piracy sites.
