Pirated textbooks & essays are full of malware

Pirated textbooks & essays are full of malware

It’s not easy being a student nowadays. Sure, your parents could cover tuition with a summer job, but things are different now. Modern-day university students contend with high fees, overpriced rents, and yes, sky-high textbook charges.

You can’t pirate a degree or a dormroom, but you can naughtily download that textbook your lecturer recommended.

(You know, the one that you can’t find in the library. The one that coincidentally was written by your professor and costs $70. The one that was used during one lesson for about ten minutes, and then quickly dumped on a shelf where it was forgotten? The one that you absolutely couldn’t buy second hand, because of some marginal change between versions? No, you’re bitter.)

But, then again, maybe you shouldn’t. Recent research from Kaspersky Labs shows that many illicitly acquired textbooks are rife with malware. During the last academic year, it identified 356,000 occasions where one of its users downloaded an infected bit of academic writing.

Surprisingly, more than two-thirds of these incidents involved the download of essays. The remaining third came from pirated textbooks. Kaspersky broke the latter category down, showing that English textbooks were among the most common type of infected academic text. Math textbooks were close behind, followed by literature course material.

Kaspersky also broke down the type of malware bundled with pirated texts. The most commonly identified strain of malicious software was the Stalk worm, which propagates across the local network and via USB flash drives and is often the precursor to a more serious attack.

Although Stalk doesn’t exhibit any immediately hazardous behavior, it can open the floodgates for an attacker to deploy even more malware.

Commenting on the findings, Roy Rashti, expert at BitDam, explained that students should be wary of downloading pirated textbooks. If they absolutely have to use illicit sources, they should take sensible precautions.

“Opening documents from unknown sources, however appealing, shouldn’t happen without skepticism and/ or some form of verification of who the sender is. If you feel that you must open a file, make sure to scan it in some way or open it in a monitored environment. There are some free tools like this one, that allows you to scan files before you open them in order to validate that they are not malicious,” he said.

Ultimately, this news from Kaspersky isn’t particularly surprising. For starters, PDF and Word files have long been weaponized by bad actors to spread malicious code. PDFs in particular are a notorious attack vector. As Marcus “MalwareTech” Hutchins once joked: “Acrobat is basically just a collection of vulnerabilities that somehow also render PDFs.”

But there’s also an economic factor. Living and tuition costs for students are continuously increasing, while their means just haven’t kept up. According to the US census bureau, textbook prices have increased by more than 800 percent between 1978 and 2014, which is more than triple the cost of inflation.

While services like Perlego and Cengage can reduce that sting somewhat, the reality remains that while university education remains prohibitively expensive, students will continue to break copyright law, placing themselves at risk as a result.

Read next: Android 10 is out on Pixel phones and more - here's how to get it