Outline Email purporting to be from the Recording Industry Association of America (RIAA) claims that the recipient's IP address has been identified as distributing copyrighted content and instructs him or her to open an attached file to view details.
The email is not from the RIAA. The attachment contains malware that, once installed on the user's computer, can connect to a Russian website and download further malware.
Dear [email address removed], hereby we notify you that your IP address has been identified as distributing copyrighted content. Please see the attachment to this message for illicit Internet traffic details.
Failure to respond to this message within 14 days will result in copyright infringement accusation and standard legal procedures.
Recording Industry Association of America (RIAA)
1330 Connecticut Avenue NW Suite 300
Washington, DC 20036
This email, which claims to be from the Recording Industry Association of America (RIAA), informs the recipient that his or her IP address has been identified as distributing copyrighted content. The message warns that failing to respond to the notification within fourteen days will result in "copyright infringement accusation" and legal action. The email includes an attached file that supposedly contains more details about the "illicit Internet traffic" that led to the copyright violation.
However, the email is not from the RIAA and the accusation of a copyright violation is nothing more than the bait used to entice recipients into opening the attached file. In fact, the attachment contains a trojan, that, once installed, can connect to a website hosted in Russia and download further malware.
The criminals behind this malware attack hope that at least some recipients will be sufficiently panicked enough by the threatening message to open the attached file and install its contents without due forethought. Similar ruses have been used repeatedly in the past. In 2011, a malware email purporting to be from the FBI claimed that the recipient's IP address had been logged on illegal websites. And, back in 2005, a variant of the Sober worm was distributed via fake FBI emails that also accused recipients of visiting illegal websites.
Be cautious of any unsolicited email that accuses you of some wrongdoing and instructs you to open an attached file or follow a link to access further information.