Nav: Home

Malware, data theft, and scams: Researchers expose risks of free livestreaming websites

June 15, 2016

Millions of people use free livestreaming websites to watch sports and other live events online, but this comes with a considerable security risk. Researchers from KU Leuven-iMinds (Belgium) and Stony Brook University have found that viewers are often exposed to malware infections, personal data theft, and scams. As much as 50% of the video overlay ads on free livestreaming websites are malicious.

Many users of free livestreaming websites may be aware that the video content on these websites is typically streamed without the content owner's consent. What they often underestimate, however, is the security risk that comes with watching these videos. Users may get their personal devices infected with malware, or they may be the victim of personal data theft and financial scams.

"Until now, free livestreaming services (FLIS) have mostly been analysed from a legal perspective. Our study is the first to quantify the security risk of using these services," explains M. Zubair Rafique (KU Leuven Department of Computer Science / iMinds). "We have assessed the impact of free livestreaming services on users. We also exposed the infrastructure of the FLIS ecosystem."

The researchers built a semi-automated tool that helped them identify more than 23,000 free livestreaming websites, corresponding with over 5,600 domain names (more than 20% of which are in Alexa's top 100,000 websites). They then performed more than 850,000 visits to the identified FLIS domains and analysed more than 1 Terabyte of resulting traffic.

"It's a public secret that the FLIS ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live (sport) events," says Nick Nikiforakis (Stony Brook University). "One example is the use of malicious overlay ads, which cover the video player with fake 'close' buttons. When users click these buttons, they risk being exposed to malware."

"The outcome of our research is quite confronting," adds M. Zubair Rafique. "In addition to exposing numerous copyright and trademark infringements, we found that clicking on video overlay ads leads users to malware-hosting webpages in 50% of the cases. Most of these pages are made to look like the actual free livestreaming websites. That's how they try to get users to install malware: users are tricked into believing they need special software to watch the livestream. Google Chrome and Safari are more vulnerable to this approach than other browsers, because attackers tend to target the more popular web browsers. Finally, FLIS services often use scripts that try to detect and defeat popular ad-blocker extensions."

To alert FLIS users to potentially dangerous pages, the researchers have engineered an accurate and effective classifier. The tool can also help security analysts find and report unknown FLIS pages to curb copyright and trademark infringements. In a later stage, the classifier will be made publicly available for research purposes.
-end-


KU Leuven

Related Malware Articles:

Network traffic provides early indication of malware infection
By analyzing network traffic going to suspicious domains, security administrators could detect malware infections weeks or even months before they're able to capture a sample of the invading malware, a new study suggests.
Combination of features produces new Android vulnerability
A new vulnerability affecting Android mobile devices results not from a traditional bug, but from the malicious combination of two legitimate permissions that power desirable and commonly used features in popular apps.
Weaponizing the internet for terrorism
Writing in the International Journal of Collaborative Intelligence, researchers from Nigeria suggest that botnets and cyber attacks could interfere with infrastructure, healthcare, transportation, and power supply to as devastating an effect as the detonation of explosives of the firing of guns.
Android apps can conspire to mine information from your smartphone
'What this study shows undeniably with real-world evidence over and over again is that app behavior, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone,' said researcher Gang Wang.
Desktop scanners can be hijacked to perpetrate cyberattacks
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner.
New technique completely protects internet video from cyberattacks -- Ben-Gurion University study
To counter this emerging threat, Professor Hadar developed a series of algorithms that can completely prevent attackers from being able to infiltrate and extract information through videos or pictures.
Staying a heartbeat ahead of hackers
Nearly a million new forms of malware are unleashed on the world every day.
Cameras can steal data from computer hard drive LED lights -- Ben-Gurion U. study
The research team utilized the hard-drive (HDD) activity LED lights that are found on most desktop PCs and laptops.
NTU and FireEye join forces to grow the ranks of Singapore's cyber security experts
Nanyang Technological University, Singapore (NTU Singapore) and leading cyber security company FireEye are inking a partnership to explore new areas in cyber security research, and to develop courses to meet the rising demand for cyber security professionals needed to help defend critical networks.
Bring your own (security) disaster
Bring your own device (BYOD) to work is common practice these days.

Related Malware Reading:

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Climate Crisis
There's no greater threat to humanity than climate change. What can we do to stop the worst consequences? This hour, TED speakers explore how we can save our planet and whether we can do it in time. Guests include climate activist Greta Thunberg, chemical engineer Jennifer Wilcox, research scientist Sean Davis, food innovator Bruce Friedrich, and psychologist Per Espen Stoknes.
Now Playing: Science for the People

#527 Honey I CRISPR'd the Kids
This week we're coming to you from Awesome Con in Washington, D.C. There, host Bethany Brookshire led a panel of three amazing guests to talk about the promise and perils of CRISPR, and what happens now that CRISPR babies have (maybe?) been born. Featuring science writer Tina Saey, molecular biologist Anne Simon, and bioethicist Alan Regenberg. A Nobel Prize winner argues banning CRISPR babies won’t work Geneticists push for a 5-year global ban on gene-edited babies A CRISPR spin-off causes unintended typos in DNA News of the first gene-edited babies ignited a firestorm The researcher who created CRISPR twins defends...