Football fans who access free streams of top matches are putting their devices, and personal privacy, at great risk, according to a study.
It says the most popular sites are attracting upwards of eight million visits per month.
Like many free services, the pirate sites rely on advertising.
But with few reputable brands willing to attach their name to illegal distribution, the sites turn to malicious ads to pull in profits.
Of the thousands of streams studied, the researchers said that as many as half planted malicious software on the users' machine through forced ads and other deceptive techniques.
The researchers examined how the sites are run and from where.
As well as pop-up and overlay advertising, they observed an increase in sites demanding users install browser plug-ins in order to watch a free stream.
They said that meant not only were malicious ads appearing on the football sites, but the software was also hijacking normally safe websites.
"[To watch the stream] you have to install the extension, and once the user installs the extensions, it can infect any website the user is visiting," lead researcher Zubair Rafique told the BBC.
"So, if a person installs an extension to watch a stream, and then visits a site like BBC.com, this extension can actually change the contents of BBC.com as it appears in the user's browser so that it includes malicious links and advertising.
"This is extremely dangerous."
The study analysed over 5,000 aggregator domains - that is, sites which collate free streams for visitors to browse and watch.
In addition to the aggregation sites, it looked at the vast networks of media providers - the services that provide the actual video.
Because of that separation between the aggregator sites and media streaming services, it's difficult for authorities to effectively stamp out football piracy.
Though several aggregator sites have been shut down, the video streams are quickly moved to a different site, and the cycle continues. Aggregator sites will usually offer several different streams for the same match.
"We discovered that nearly 25% of live streams originate from the servers hosted in Belize," the study noted.
"More than 60% of analyzed streams originate from the media servers provided by only five companies located in Belize, Switzerland, the Netherlands, Sweden, and Canada.
"Additionally, we found that more than 64% of parties providing these streams have been reported at least once for violating the copyrights of content owners.
"Since only a handful of channel providers are responsible for broadcasting the majority of the live streams, we argue that a strict control on the operations of these entities, can effectively minimise the volume of illegal live streaming."
'Action is not required'
But how to force that strict control?
There are plenty of web hosts willing to, for the right price, offer speedy and protected server space for almost any kind of online operation.
Koddos is one hosting company cited by the study.
Its website states: "Main rules being no child porn, malicious scripts/pages or spam on the network, almost all other content is allowed.
"Abuse and DMCA messages will be forwarded to the client for resolution but in most cases action is not required."
DMCA - the Digital Millennium Copyright Act - is the mechanism by which companies and individuals can call for content they own to be taken down. In this case, it's a live football match.
After being approached by the BBC, Koddos said it complied with any request from the relevant authorities, adding: "We respond to such requests only when a court order is provided as we are not able without it to define if our customer is respecting laws or it is illegal.
"We are not the judge, just a provider for legal services."
In the UK, several internet service providers have been told by the courts that they must block certain websites. It makes it much more difficult for web users to reach those specific sites, but does little to stop others appearing elsewhere.
Of course, football is not the only type of entertainment to be exploited by pirates.
The music, movie and software industries were the first to feel the disruptive effects of file-sharing, and in time have fought to provide better legal options for accessing the content they offer.
While a "Spotify for football" may be an ideal solution, it's unlikely any company that currently broadcasts football would be keen to undercut its lucrative TV subscription business.
Showing football costs serious money.
Between BT Sport and Sky, £5.1bn is being spent to own rights to Premier League football for the next few seasons.
In an effort to be flexible, and an acknowledgement that people want to watch sport away from their sofas, Sky Sports launched Now TV, which allows online access.
But at £6.99 for a day pass, it's unlikely to tempt certain types of people away from pirated sources. Even if, as this study suggests, it comes with significant risk.