We have already examined the dangerous situation users face in this potentially unwanted application (PUA)-filled world. Once users download a given PUA, they have more than a 50% chance of onboarding malware or introducing known vulnerabilities to their system. This is a very scary statistic for daily home users and IT pros alike! So in order to protect themselves, some users may decide to simply avoid downloading applications online entirely. But is this decision really going to help? And is it easy to avoid PUAs? The answer is no, especially for users who choose to illegally download films online.
This behavior, and its consequences, are so familiar to most of us in the IT security space that it's easy to forget how easily users can infect their machines, simply because they want to see the latest blockbuster in the comfort of their own home. This principle was recently demonstrated (quite humorously!) by the television show The Mindy Project, where the lead character attempts to justify her constant film piracy—and ends up with a completely infected computer within a few moments!
 |  |
 |  |
 |  |
 |  |
How accurate was this depiction of a malware infection launched via a movie download? How easy is it to inadvertently download malware when you're just trying to watch a movie? We decided to test out these questions for ourselves. For the purpose of this experiment, I started a search with key words "download movie online" and tried to capture the user experience of downloading a movie from the first link of the Google results.
When landing on the home page of this website, it immediately suggested I install "Java Plug-In 12.3".
If I click "Install Now" it redirects me to a website bestapp217.biz with a pop up asking me to install "CodecPerformerSetup.exe" from "Softango Technology LLC."
Then during the installation of this exe, it leads me to install "Search Protect", "PC Performer" and "MyPCBackup" (3 very well-known PUAs).
After installation, it redirects my browser page to performersoft.com and changes my home page to trovi.com which contains some suspicious display advertising.
After completing all of these steps, I thought I could finally get to download a movie, but I was wrong! ZUMVO then asks me to install an application called "HD Player" before allowing me to click on the download link.This leaves me no choice but to continue installing this player app, which comes from an illegitimate source. Not surprisingly, this "HD player installs some additional PUAs including "AppUpdater," "Media Player Classic" and "Sync Folder" to my system.
The "lucky" thing is that after installing these from-no-where applications, we are able to finally download some movies. We chose to download the top 10 movies in theaters at the time of our report and tried scanning them with MetaDefender Cloud.
| Movie Name | # of Engines Detected | Malware Detected As |
| Guardians of the Galaxy | 12/41 | Adware, MultPlg-B, Generic_r, PUP, Riskware, etc. |
| Teenage Mutant Ninja Turtles | 14/41 | Adware, GenVariant, FRO, PUP, Riskware, etc. |
| Let's Be Cops | 13/41 | Adware, MultiPlg-B, Generic_r, PUP, Riskware, etc. |
| If I Stay | 13/41 | Adware, GenVariant, Oleh.A, Generic_r, Riskware, etc. |
| The November Man | 14/41 | Adware, SScope.Ad, Oleh.A, Generic_r, Riskware, etc. |
| As Above, So Below | 14/41 | Adware, MultPlg-B, Generic_r, PUP, etc. |
| Lucy | 14/41 | Adware, SScope.Ad, Oleh.A, Generic_r, Riskware, etc. |
| The Giver | 4/41 | Adware, Generic_r, Riskware and Trojan |
| The Hundred-Foot Journey | 14/41 | Adware, MultiPlg-B, Oleh.A, Riskware, etc. |
| When The Game Stands Tall | 14/41 | Adware, MultiPlg-B, Generic_r, Riskware, etc. |
We expected that some of the various files or installers we collected through this test would be identified as containing suspicious items, like Adware, Riskware, PUP, etc. However, we were surprised that all of the downloaded movies were identified as potential threats by multiple anti-malware engines.
But this is still not the end of the story! We did a comparison of the system state between before and after this experiment. There were a total of 13 potentially unwanted applications installed during our attempts to download a movie!
Between the bevy of potentially unwanted applications installed through the download process to the movie files themselves being identified as malware, avoiding pirated movies is clearly the safest choice! Given today's threat environment, "free" movies are not free. The security and legal risks presented are far too great to ignore.
