During the last few days a virus scam targeting torrent site users has reappeared. Internet users receive an email informing them they have been monitored by anti-piracy company MediaDefender on various torrent sites. Although a log file is included to ‘prove’ infringements, it contains what is being described as a “banking trojan”.
The latest in a long line of scams targeting email users is attempting to capitalize on the increasing number of people using BitTorrent sites.
Targets of the scam receive an unsolicited email purporting to come from notorious anti-piracy company MediaDefender. The email, which is simply addressed “Dear User!”, claims the individual has been monitored on any of several torrent sites while engaging in anything from copyright infringement through to simply browsing the sites.
Of course, citing MediaDefender is a nonsense, since that company doesn’t get involved in anti-piracy warning letters – its specialty was spoofing on BitTorrent networks.
Additionally, most of the sites listed don’t even operate a tracker, so committing any type of copyright infringement on them is almost impossible. Here is the body of the email:
Pirate Scam Spam
Your recent internet activity was logged on the following sites:
hxxp://XXXXX.net/report_78478XX.exe (XX added by TorrentFreak)
We have a report about the copyrighted movies, music, softwares you downloaded or searched on these webpages. We strongly advise you to stop any future activities regarding the downloading of illegal content or you can expect prosecution by 17 U.S.C. 512, 1201–1205, 1301–1332; 28 U.S.C. 4001 laws.
So what is this scam all about? Attached to the email is a logfile which supposedly provides additional information about the user’s infringements, but of course this is a lie – the log is really a virus.
This type of scam is nothing new – the same type of thing has been tried before, probably by the same people. However, this time the virus is different. Here is the report, courtesy of ThreatExpert:
Threat characteristics of ZBot – a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system. Creates a startup registry entry. Contains characteristics of an identified security risk.
Savvy Internet users will hopefully realize the email is a scam fairly quickly, but hardened file-sharers should smell a rat even earlier due to the omission of demands for money.