That Livestream Of A Soccer Game Is Probably A Virus

Livestreaming is risky business—with 50% of all video overlays linked to malware, computer viruses and identity theft

Jun 17, 2016 at 3:29 PM ET

It’s sort of a given that when livestreams of sporting and concerts show up online, they aren’t exactly there legally. But, the criminals behind those shady streams aren’t just out to make a buck off the companies that own the material—they’re after you too.

A new study confirms that more than half the ads that pop up on free livestream sites are malware—malicious software intended to damage computers or steal a users’ personal information.

“Our research is quite confronting,” said coauthor M. Zubair Rafique of KU Leuven-iMinds in Belgium, in a press statement. “Clicking on video overlay ads leads users to malware-hosting webpages in 50 percent of the cases.”

More Visitors To Major ‘Fappening’ Forum Exposed to Malware

We’ve all been there. You’re watching an illegal livestream of a soccer game and you absently click the big, cartoonish “X” on the screen instead of the little one that actually closes the window. By the time you realize what you’ve done, you’re already experiencing the ugly hydra of internet advertising. Hundreds of open windows flood your screen with flashing banner ads and a cacophony of noises. Every time you close one of the offending windows, two pop up in its place.

That’s because many of the most innocent virtual buttons on livestreaming sites are in fact fake links that only appear to be “buttons”—and these links direct you to pages that look deceptively similar to the real thing—until they infect your computer and make whatever was buffering on your screen the least of your worries. “Most of these [malware download] pages are made to look like the actual free livestreaming websites,” Rafique says. “That’s how they try to get users to install malware: users are tricked into believing they need special software to watch the livestream.”

But until now, nobody knew how prevalent this sort of malware could be on livestreaming sites. So for this new study, researchers built an automated tool that identified more than 23,000 free livestreaming websites and then visited those sites collectively more than 850,000 times before analyzing the resulting traffic.

The tool discovered that most of the livestream infrastructure is hosted in Europe (where there are far fewer regulations than the U.S.) and Belize. More than 60 percent of the parties providing these streams had been reported at least once for violating copyrights, and nearly 10 percent of pages used trademarked names and logos without permission. They also discovered, as many of us have the hard way, that the video players on these sites are terrible—more than 90 percent of the players had more than 80 percent of their screens covered in ads that contained deceptive buttons. As for the buttons themselves, more than 50 percent led to ad websites that were malicious in nature.

“It’s a public secret that the [livestreaming] ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live events,” said coauthor Nick Nikiforakis of Stony Brook University, in a press statement. The study elaborates: “These practices, along with the frequent accusation of copyright infringement, clearly show that [streaming] services are inclined towards intrusive and malicious monetization schemes, at the expense of user security.”