More than you bargained for: Your affordable new PC may come loaded with Malware
More than 80% of Pirated Software-Loaded New PCs in Asia are infected with Malware. Pirated software will likely cost users more than they bargain for, while offering a fertile ground for cybercriminals to exploit compromised devices.
A Microsoft sweep of PC test purchasing revealed that more than four in five (83%) brand new PCs in targeted countries in Asia are loaded with pirated software. The PC samples selected were purchased from retailers that offered PCs at much lower cost and free software bundles to lure customers. In many cases, these retailers also sold pirated software at their store.
Aimed to educate consumers and owners of small and medium enterprises (SMEs) in the region, Microsoft's Asia PC Test Purchase Sweep provides insights on the extensive prevalence of new PCs loaded with pirated software and the risks that they can pose to individuals and businesses.
"Cybercriminals are constantly evolving their techniques to evade security measures, and embedding their malware into pirated software is one of their tactics as it allows them to compromise large numbers of PCs and access vast amount of stolen credentials with ease," said Mary Jo Schrade, Assistant General Counsel & Regional Director, Digital Crimes Unit, Microsoft Asia.
"When vendors sell pirated software containing malware in their PCs, they are not only fueling the spread of malware in the region but are also putting their customers' personal information and digital identity at the mercy of cybercriminals," added Schrade.
The Risks of Using Pirated Software
Schrade says cybercrime disregards geopolitical borders as the Internet grants anonymity. At this point it is important to understand how a malware is created. Often software makers release patches for their software because there may be a vulnerability. Most cyber criminals first learn of these vulnerabilities through these patches and then go on to engineer and malware to exploit it. They are counting on the fact that millions of users around the world are never bothered about updating their software and installing the patches.
For example, the popular malware Ramnit came into existence around 2015 and it exploited a vulnerability for which a patch existed months before it burst in to the scene. In the end it affected 3.2 million unique IPs across 195 countries.
The sweep found that one of the most common practices for vendors installing pirated software on new PCs is to turn off the security features, such as anti-virus software and Windows Defender as doing this allows them to run the hack-tools needed to activate the pirated software. However, this leaves PCs vulnerable to malware and other cyberthreats, and the buyers of these PCs may not even realize that their PC is not being protected.
The sweep also uncovered that 84% of the new PCs loaded with pirated software were infected with some type of malware, with the most common malware being Trojans and viruses.
o Trojans are a type of malware that is employed by cybercriminals to gain remote access and control of devices, allowing them to spy on the users and steal private data. While Trojans typically depend on some form of social engineering to trick users into loading and executing them, bundling them with pirated software makes it easier for cybercriminals to compromise and control PCs.
o Viruses are another type of malware which can cause infected computers to do a variety of things which are not beneficial to the PC owner, such as terminating devices' security features, sending spam messages, and contacting remote hosts to download additional malware.
These findings are particularly concerning as customers buy PCs that offer special deals which are cheap and come with free software, not realizing the risks they may be exposing themselves to. In most cases, they may not even realize that the security features of their PCs are turned off and may fail to spot suspicious activities on their devices. Many of these infected PCs' users are highly susceptible to data loss, including personal documents and sensitive information such as passwords and banking details, as well as identity theft where they lose control of their social media and email accounts. Users might also experience compromised PC performance as malware, running in the background, can slow down devices.
All these factors can lead to consumers and businesses chalking up significant monetary, time and productivity losses as they work to resolve the issues. Associate Professor Biplab Sikdar, Department of Electrical & Computer Engineering, National University of Singapore (NUS), Faculty of Engineering, who led a team of researchers to study the dangers of downloading and using pirated software last year, said: "Users usually turn to pirated software as they are cheaper. The truth is that the financial costs and risks of using pirated software are often steeper than they can imagine."
"Users need to be more vigilant when purchasing new PCs and should never fall for a bargain that appears too good to be true. The short-term cost savings are insignificant compared to the irrevocable loss of their digital identity and personal data," shared Associate Professor Sikdar.
Key Cyber-Hygiene Practices for Individuals and SMEs
"Using genuine software is the first line of defense against cybercriminals," said Mary Jo. The most fundamental step that users can take to safeguard themselves digitally is to always insist on buying PCs from established retailers and not ones that also sell pirated software, and ensuring they are getting genuine software. Consumers should refer to software vendors' websites to learn how they can distinguish between genuine and pirated software.
Besides using genuine software, people can also consider and adhere to the following recommendations to better protect themselves:
o Keep software current with the latest security patches, which are always free.
o Follow safe Internet practices and do not visit potentially dangerous websites, such as those that offer adult content, illegal downloads, and pirated software, as well as file sharing portals.
o Avoid using very old software which has reached its end of life and is no longer supported by the software vendor for updates and security patches.
The Asia PC Test Purchase Sweep examined a total of 166 new PCs from 9 markets across Asia - India, Indonesia, Korea, Malaysia, Philippines, Singapore, Taiwan, Thailand and Vietnam.
(Disclaimer - The author was on a Microsoft sponsored trip to Singapore)