Malware Extorts Cash From BitTorrent Users
A new type of malware is riding the wave of file-sharing pre-settlement letters by infecting BitTorrent users’ machines and then demanding payments in order to make imaginary lawsuits go away. ICPP Foundation try to give the impression they are RIAA and MPAA affiliated but the whole thing is a scam to extort cash and obtain credit card details.
ICCP Foundation claims to be an international company operating out of Switzerland. They say they are “committed to promoting the cultural and economic benefits of copyright” while assisting their partners to fight “copyright theft around the world”.
In fact what they really do is operate a scam to extort money from BitTorrent users.
Right at this moment we are unsure of the exact route of infection, but somehow malware (probably in either fake file or attached virus form) is displaying a “copyright violation alert” on the victim’s screen, locking it, and redirecting users to the ICPP site where they are told they have been caught infringing copyright.

There they are warned their offenses could result in 5 years in prison and a $250,000 fine and are given the option to take the (fake) case to court. They are also offered a chance to make the whole thing go away for the payment of a ‘fine’ of around $400. Victims are also prompted to give their name, address and full credit card details – it is unclear how this information is further abused but it doesn’t look good.

If they select the court option, they are scared with this screen:

So that that this evil software (believed to be located at C:\Documents and Settings\Administrator\Application Data\IQManager\iqmanager.exe) more accurately targets BitTorrent users rather than just random users, it appears to scan the user’s hard drive for .torrent files and displays these as ‘evidence’ of an earlier infringement.
In order to boost their credibility, icpp-online.com claim to be affiliated with influential partners – the RIAA, MPAA, and The Copyright Alliance. Of course, this is a complete fabrication.
This whole approach seems very similar to that employed by so-called ‘rogue software‘ or ‘scareware’ which attempt to frighten users into parting with cash for often useless software. And it seems the links to malware don’t stop there.
A WHOIS on the ICPP-Online domain reveals some contact data which shows up elsewhere in connection to other questionable activities.
Details on this new threat are scarce at the moment, so if any readers can discover more about this malware or the operation behind it, please collate the information and send it over to tips@torrentfreak.com.

Pingback: Pirate Home Page » Malware Extorts Cash From BitTorrent Users
Pingback: Usan malware para extorsionar a usuarios de bittorrent | TengoTecno.com
Pingback: Warning: grosso rischio truffa e malware per gli utenti BitTorrent
Pingback: Malware Extorts Cash From BitTorrent Users | TorrentFreak
Pingback: Haittaohjelma uhkailee laittomia latailijoita | Digilelut
Pingback: ???? ????. | Play » ????? ???????? ?????? ?? ????????
Pingback: Estafas en línea inspiradas en estrategias antipiratería | Home
Pingback: malware cash scam by ICCP Foundation
Pingback: Virusi care cer Bani – atac asupra utilizatorilor BitTorrent
Pingback: NEWS: Copyright malware appears on Bittorrent | iPod and iPhone
Pingback: Ransomware and BitTorrent Scam « Malware Survival
Pingback: Malware Extorts Cash From BitTorrent Users « The College of Arts and Sciences – Gathering Point for Technology at the University of Oregon
Pingback: Ransomware Malware Threatens to Sue Bit Torrent Pirates | We Control The Net
Pingback: NEWS: Copyright malware appears on Bittorrent | DigiCamBlog: Digital Camera Tips and Techniques
Pingback: Usuarios de BitTorrent: cuidado con el virus chantajista | tuexperto.com
Pingback: Usuarios de BitTorrent: cuidado con el virus chantajista - Vaya Huevos
Pingback: UniversoTek » ¡Cuidado con el virus chantajista! [BitTorrent]
Pingback: bittorrent « Javierserna's Blog
Pingback: Wtf?!?!?! Copyright violation : Copyrighted content detected??!!!?!! - Page 2 - Grasscity.com Forums
Pingback: La violation des droits d’auteurs – le malware de la fondation ICPP
Pingback: BitTorrent Extortion? « TTC Shelbyville – Technical Blog
Pingback: BitTorrent users beware: New Virus - E-Cigarette Forum