Issue 126 - March 2012 (1st Edition) - Page 8
RIAA Notification of Copyright Violation Malware Email
Email purporting to be from the Recording Industry Association of America (RIAA) claims that the recipient's IP address has been identified as distributing copyrighted content and instructs him or her to open an attached file to view details.
The email is not from the RIAA. The attachment contains malware that, once installed on the user's computer, can connect to a Russian website and download further malware.
Detailed analysis and references below example.
Last updated: 21st February 2012
First published: 21st February 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Notification of copyright violation
Dear [email address removed], hereby we notify you that your IP address has been identified as distributing copyrighted content. Please see the attachment to this message for illicit Internet traffic details.
Failure to respond to this message within 14 days will result in copyright infringement accusation and standard legal procedures.
Recording Industry Association of America (RIAA)
1330 Connecticut Avenue NW Suite 300
Washington, DC 20036
This email, which claims to be from the Recording Industry Association of America (RIAA), informs the recipient that his or her IP address has been identified as distributing copyrighted content. The message warns that failing to respond to the notification within fourteen days will result in "copyright infringement accusation" and legal action. The email includes an attached file that supposedly contains more details about the "illicit Internet traffic" that led to the copyright violation.
However, the email is not from the RIAA and the accusation of a copyright violation is nothing more than the bait used to entice recipients into opening the attached file. In fact, the attachment contains a trojan
, that, once installed, can connect to a website hosted in Russia and download further malware.
The criminals behind this malware attack hope that at least some recipients will be sufficiently panicked enough by the threatening message to open the attached file and install its contents without due forethought. Similar ruses have been used repeatedly in the past. In 2011, a malware email purporting to be from the FBI
claimed that the recipient's IP address had been logged on illegal websites. And, back in 2005, a variant of the Sober worm was distributed via fake FBI emails
that also accused recipients of visiting illegal websites.
Be cautious of any unsolicited email that accuses you of some wrongdoing and instructs you to open an attached file or follow a link to access further information.
Spoofed RIAA Notification Includes Trojan
FBI 'You Visit Illegal Websites' Malware Email
FBI Virus Emails - Sober Worm
Pages in this issue:
- Strawberry Quick Methamphetamine Warning
- Hoax Warning: Lost Child Lure - 'New Way for Gang Members to Rape Women'
- Hoax - Right To Be Connected to an Australian Phone Rep
- Hoax - Eating Shrimp and Taking Vitamin C Can Cause Death by Arsenic Poisoning
- Ashley Flores Missing Child Hoax
- Hoax - Facebook Will Pay One Dollar Per Like to Help Baby With a Face Cancer
- AICPA 'Tax Fraud Accusations' Malware Emails
- RIAA Notification of Copyright Violation Malware Email
- Giant Snake in Electric Fence Photographs
- Cruise Control Hydroplane Warning
- Facebook Gold Status Membership Advance Fee Scam
- Ectopia Cordis Sick Baby Facebook Hoax
- Hotmail Account Closure Phishing Scam
- 'Thomas Romany's Stuff' Warning Message
- Mark Zuckerberg and Apple Partnership Survey Scam