Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









RIAA Notification of Copyright Violation Malware Email

Outline
Email purporting to be from the Recording Industry Association of America (RIAA) claims that the recipient's IP address has been identified as distributing copyrighted content and instructs him or her to open an attached file to view details.



Brief Analysis
The email is not from the RIAA. The attachment contains malware that, once installed on the user's computer, can connect to a Russian website and download further malware.

Bookmark and Share
Detailed analysis and references below example.





Last updated: 21st February 2012
First published: 21st February 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Notification of copyright violation

Dear [email address removed], hereby we notify you that your IP address has been identified as distributing copyrighted content. Please see the attachment to this message for illicit Internet traffic details.

Failure to respond to this message within 14 days will result in copyright infringement accusation and standard legal procedures.

Recording Industry Association of America (RIAA)
1330 Connecticut Avenue NW Suite 300
Washington, DC 20036
tel: 202-775-0101
fax: 202-775-7253



Detailed Analysis
This email, which claims to be from the Recording Industry Association of America (RIAA), informs the recipient that his or her IP address has been identified as distributing copyrighted content. The message warns that failing to respond to the notification within fourteen days will result in "copyright infringement accusation" and legal action. The email includes an attached file that supposedly contains more details about the "illicit Internet traffic" that led to the copyright violation.

However, the email is not from the RIAA and the accusation of a copyright violation is nothing more than the bait used to entice recipients into opening the attached file. In fact, the attachment contains a trojan, that, once installed, can connect to a website hosted in Russia and download further malware.

The criminals behind this malware attack hope that at least some recipients will be sufficiently panicked enough by the threatening message to open the attached file and install its contents without due forethought. Similar ruses have been used repeatedly in the past. In 2011, a malware email purporting to be from the FBI claimed that the recipient's IP address had been logged on illegal websites. And, back in 2005, a variant of the Sober worm was distributed via fake FBI emails that also accused recipients of visiting illegal websites.

Be cautious of any unsolicited email that accuses you of some wrongdoing and instructs you to open an attached file or follow a link to access further information.

Bookmark and Share References
Spoofed RIAA Notification Includes Trojan
FBI 'You Visit Illegal Websites' Malware Email
FBI Virus Emails - Sober Worm

Last updated: 21st February 2012
First published: 21st February 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer