Anti-Piracy Scam Emails Target BitTorrent Users
Written by Ernesto on September 07, 2008
A new trend is surfacing, as spammers have sent out millions of emails targeting BitTorrent users. The emails, which claim to come from MediaDefender, warn recipients that they have been logged using BitTorrent and point them to an attachment that supposedly contains evidence but is in fact infected with a virus.
Over the years BitTorrent has attracted some shady figures. We’ve reported on malware-ridden BitTorrent clients and media players, a BitTorrent site that infects its users with spyware, and several other scams.
Although most scams can be avoided easily when a few simple rules are followed, they still manage to trick thousands of novices every day - and this is not going to end anytime soon. Since BitTorrent has become more or less mainstream, with millions of users worldwide, it also proves an interesting target for email spammers.
The latest scam, unlike the others we have reported on before, is one that is sent by email. The email is disguised as a message from the anti-piracy company MediaDefender (using their logo etc.), and warns the recipient that his or her download behavior has been logged. The email has a report attached with more details about the infringed material, which turns out to be a virus (a Mytob worm that installs a trojan and allows outsiders to gain access to your computer).
Pirate Spam Email
Dear User!
Your recent internet activity was logged on the following sites:
* Btjunkie
* SumoTorrent
* isoHunt
* Btscene
* Mininova
* Fenopy
* Monova
* Yotoshi
* GetInvites
* Btmon
We have attached a report about the copyrighted movies, music, softwares you
downloaded or searched on these webpages. We strongly advise you to stop any
future activities regarding the downloading of illegal content or you can
expect prosecution by 17 U.S.C. §§ 512, 1201–1205, 1301–1332; 28 U.S.C. §
4001 laws.
Sincerely,
MediaDefender Inc.
To more experienced, BitTorrent-savvy users it is clear that the email is a scam. First of all, MediaDefender has never been involved in anti-piracy enforcement. The only things they do are spoofing, flooding BitTorrent sites with fake files, and the occasional DDoS attack on Revision3.
In addition, the email claims to have data on what the user searched for on the sites, which is irrelevant and practically impossible. It seems that the spammers should have done some more research on the topic. A good spammer would have included The Pirate Bay in the list of sites instead of GetInvites, which is a BitTorrent invite trading site and not a search engine.
A related scam email, sent out by the same group of people judging by the style and format, is also targeted at filesharers and threatens to suspend their Internet connection. The email claims to be sent by the Internet service provider consortium, and again includes an infected attachment with a report.
The email is a clever scam that shows how mainstream BitTorrent has become. The emails are sent out randomly, but many recipients, scared of being cut off by their ISP or sued for downloading copyrighted material, might open the infected attachment without realizing that it is a scam.
40 Responses
If anyone gets a notice from mediacenter via e-mail and falls for it. They deserve to be scammed.
Shit spammers are everywhere, if they don’t flood BitTorrent sites then they will flood emails.
fuck anti-piracy groups and those assholes who upload infected files for the MONEY!! Fuck you spammers
Few screenshots of fake/infected uploads:
http://img148.imageshack.us/img148/5905/fake4yp9.png
http://img120.imageshack.us/img120/6097/fake9zu0.png
http://img296.imageshack.us/img296/8058/infected2bd6.jpg
http://img296.imageshack.us/img296/7478/infected4iu2.jpg
http://img45.imageshack.us/img45/6999/infected5bt0.jpg
http://img391.imageshack.us/img391/5977/infected7gg2.jpg
I thought this would be coming long ago. I’m still predicting the faux MD/RIAA spam letters complete with webpage to put in your credit card numbers.
You know just like the real ones, but the money goes to greedy little … wait that doesn’t differentiate it at all. :D
Heyy I am second…. Yayyy
a real mail from **AA is also a scam. I don’t see much difference
come on man don’t come with those shitty comments like I’m first and I’m second, tired of that ****
and btw my comment is so you are third… Your response is awaiting moderation. :S
LMFAO at mininova.org being on the list. What fruitloops, mininova uses thepiratebay’s tracker.
nice one, number 3
@ #3: indeed **AA (and branches in other countries) are pure scam as well and someone should mark them as scam/spam/trolling
- zanfr
http://www.kruhm.org
good for bt
bad for mafiaa
I’ll add the first mildly intelligent comment to this post.
As the use of torrents and the internet grows with the general public you will also get your fair share of idiots.
Not to call everyone who is new to torrents an idiot, but people will still click the attachment EVEN though they might not have heard of half of the sites listed.
First Myspace, then Facebook, icanhascancer etc. Now they move from Limewire to torrents.
It’s good and bad news for the normal public tracker user, good because you will possibly have more content but definitely more peers.
Bad because certain aspects of torrenting will need to be dumbed down for the general populace to understand.
“Fort porward what? LoooL I dun no wut im dOiNg LOL FTW I just want to download lol not s33d. ROFLAIDS.”
Public torrent sites are great for idiots, ratio doesn’t have to be maintained and is a good learning ground for those who want to stick at it and end up on the private sites.
so what does the infected file do
it farts and smells bad thats what it does
Wow, just noticed that 305,000 ppl read the RSS feed - and I’m proud to be one of ‘em!
Probably the funniest bit is there ain’t an IP address on da letter! WTF? Um… does an IP ever count as evidence? Coz my shitty broadband modem keeps booting me offline every hour or so (it’s about to die, ya see…) and renews with a different IP addy. RIAA/MPAA Pricks.
Wait, MPAA = Megacorporate Pricks (up yer) Arse Association? Naaaww..
Oh, and hoooray! I’m last! until someone else posts a message…
My money’s on this being from the real MAFIAA. It’s a win-win situation from their perspective.
1) They get to send malware to “pirates,” which IIRC was on meevee’s wishlist of things to do. 2) If people automatically delete crap purporting to be from the MAFIAA, that means they have a better chance of getting people who won’t know they’re being sued and can’t defend themselves.
If only there was some way to get all the domains (MediaDefender.com, riaa.org, mpaa.org etc) on the email blacklists so that no email sent from those domains ever hits an inbox… not only would it solve this problem but make me a very very happy person :p
CJ
http://www.eZee.se
I for one hope this trend continues. I’ve got no pity for pirates.
Cool! File sharers have been left out for a long time by scammers, almost like second-class citizens of the Internet. Great to get into the mainstream. Why let CNN subscribers have all the fun?
MediaDefender Inc. can suck my dick!
You can say I did not open the letter
(if you’re unlucky enough to get the real deal)
For fear of it being spam/virus.
:p
To be honest I think this could work in the pirates favour.
I’ve always said that the anti-pirate’s work is more like a con trick than a legal defense. This could ultimately show that in the end there is no difference between the two.
If anyone gets a notice from mediacenter via e-mail and falls for it. They deserve to be scammed.
Disagree.
People shouldn’t even use emails anymore, they’re pointless beyond belief.
Use a simple email for site registration and all that but never bother using email to contact people or send/receive emails from people.
Use an instant messaging service, or send an SMS, or make a phone call.
Anything is better than email, don’t use it!
“LMFAO at mininova.org being on the list. What fruitloops, mininova uses thepiratebay’s tracker.”
Mininova doesn’t use anyone’s tracker in particular. You can upload a torrent to it from any tracker.
I think this scam is actually relatively good. Although I was 95% certain it’s spam, after reading the WHOLE text, it was the first time in years that I looked at the attachment. Unfortunately, it was just some zipped executable. So I still have to keep record myself about what I upload and download. Too bad.
IMS, SMS, phone instead of email? Very funny. Whoever said that doesn’t know shit about others’ requirements or the different properties of these communication technologies. Ever heard of asynchronous communication or encryption? Any idea what it might be good for? No? Thought so.
It is just me, or do such activities (including virus/trojan-writing) have one common facet?
I am alluding to the simple fact that those who are engaging in multi-faceted social engineering appear to be incapable of adopting a consistently believeable standard of language.
If you analyse the above hoax carefully, it should be obvious to most people that certain grammatical errors exist, which serve as warning beacons for anyone paying attention.
A prime example of this would be the use of the verb ‘can’. In a formal document, one would expect it to say ‘may’. Additionally, persons are, according to my grammar reference, prosecuted UNDER a specific bye-law or statue, not BY. Wrong preposition, if I am not mistaken.
Just my two cents of this, but Trojan Horse authors are also particularly guilty (at times) of using flawed tactics (abbreviations, non-formal register again) to convince the uninformed to download the program’s payload under the pretence of ridding their machine of a virus.
Ever seen files on emule, where the author has padded an obvious Trojan Horse with a file called cracked.nfo? This is obviously a trick to try and fool people who can recognise these malicious programs by their size (you get a feeling after a while).
Read Mitnick’s book and you’ll see how important the people factor is in any miscreant’s activities.
Why do these people keep coming out with these scams? Simple; there will always be someone who falls for them. Sad but true.
Keyboard on the blink. Sorry. Don’t have time to fix the typos, just dashed that off quickly as the thoughts came into my head.
Thanks for another good heads up about the newest scam Ernesto. Not something a lot of people would fall for but with the wave of letters being sent out in many countries like the U.K being very recent in the news, something like this may be taken seriously by someone knowing they did indeed do what’s described in the letter. That’s the point of spamming and scamming, finding the latest realistic reasons and subjects to trick people into opening the malware. The quicker stories are pointed the better.
Um, anyone with a brain knows that if you get an e-mail saying that you’re about to be sued for file-sharing, it comes from one of two places: The MPAA and the RIAA, that’s kind of obvious. MediaDefender only works for them, they don’t sue people.
That http://www.eZee.se spam is starting to get a little old…
no experienced torrent user would need to use any of those sites
too late I already got it.
LOL, sounds like something the MPAA or RIAA would do. Wouldn’t surprise me at all.
Jeffery
http://www.FireMe.To/udi
Remember,
One main argument of the anti torrenting community is “Torrenting” is unsafe.
This is how they can justify you MUST buy the DVD.
Simple enough.
Any tech savvy user sees that, A) He or she has fully updated NOD32, and B) GMAIL spam filter.
need I say more? For all you kiddies who infect yourself via bittorrent, good riddance. Keygens ALWAYS have viruses, and 419 letters will ALWAYS take many forms.
Hello, I am from Nigeria ,I am rich, please help me.
If anyone gets run over by a car because they weren’t looking then they deserved to die. Jesus what a moron.
LOL, this letter is so obviously NOT from mediadefender…
It is too polite! If MD did send a letter, they would not warn you off from the sites… they would threaten to sue you, your family and everyone you have ever spoken to (and all that with NO evidence!)
And where was Demonoid on the list?
Bah ;0)
Not only will I never ever click a link in any Anti-Piracy email.. I’m sort of glad the spammers have used MediaDefender… Hopefully they won’t be around too much longer..
This is why I read the articles on TorrentFreak. It is THE source for what is happening of importance in the P2P world.
The know-it-alls can laugh all they want but I suspect most people who share torrents would look at an email like this and believe the worst. It is well written without the usual grammatical errors or strange symbols that your typical spam scams have. It lists a number of well known sites that most of us visit. Who isn’t going to open the “evidence” to see exactly what they have on you?
Thanks again to TorrentFreak for keeping up with the news that matters.
People fall for nigerian email scams all the time. I have no doubt paranoid pirates would fall for this as well.