MediaDefender Virus Scam Targets Torrent Site Users
Written by enigmax on June 29, 2009
During the last few days a virus scam targeting torrent site users has reappeared. Internet users receive an email informing them they have been monitored by anti-piracy company MediaDefender on various torrent sites. Although a log file is included to ‘prove’ infringements, it contains what is being described as a “banking trojan”.
The latest in a long line of scams targeting email users is attempting to capitalize on the increasing number of people using BitTorrent sites.
Targets of the scam receive an unsolicited email purporting to come from notorious anti-piracy company MediaDefender. The email, which is simply addressed “Dear User!”, claims the individual has been monitored on any of several torrent sites while engaging in anything from copyright infringement through to simply browsing the sites.
Of course, citing MediaDefender is a nonsense, since that company doesn’t get involved in anti-piracy warning letters – its specialty was spoofing on BitTorrent networks.
Additionally, most of the sites listed don’t even operate a tracker, so committing any type of copyright infringement on them is almost impossible. Here is the body of the email:
Dear User!
Your recent internet activity was logged on the following sites:
* Btjunkie
* SumoTorrent
* isoHunt
* Btscene
* Mininova
* Fenopy
* Monova
* Yotoshi
* GetInvites
* Btmon
hxxp://XXXXX.net/report_78478XX.exe (XX added by TorrentFreak)
We have a report about the copyrighted movies, music, softwares you downloaded or searched on these webpages. We strongly advise you to stop any future activities regarding the downloading of illegal content or you can expect prosecution by 17 U.S.C.512,1201?1205,1301?1332; 28 U.S.C. 4001 laws.
Sincerely,
MediaDefender Inc.
So what is this scam all about? Attached to the email is a logfile which supposedly provides additional information about the user’s infringements, but of course this is a lie – the log is really a virus.
This type of scam is nothing new – the same type of thing has been tried before, probably by the same people. However, this time the virus is different. Here is the report, courtesy of ThreatExpert:
Threat characteristics of ZBot – a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system. Creates a startup registry entry. Contains characteristics of an identified security risk.
Savvy Internet users will hopefully realize the email is a scam fairly quickly, but hardened file-sharers should smell a rat even earlier due to the omission of demands for money.
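The giveaways described in this article (a generic “Dear User!” salutation, a statute-laden threat, and a “report” that is really a Windows executable) can be checked mechanically at the mail gateway. The following Python sketch is an added example, not code from TorrentFreak or ThreatExpert; the `triage` function, the indicator names and the sample message (constructed headers, body condensed from the email quoted above) are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Extensions Windows runs directly; .exe and .scr are the two named on this page.
EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd")
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>\"')]+", re.I)  # also matches defanged hxxp://
GREETING_RE = re.compile(r"^\s*Dear\s+(?:User|Customer|Member)\b", re.I | re.M)
STATUTE_RE = re.compile(r"\b\d+\s*U\.S\.C\.", re.I)

# Constructed sample: headers are made up, body is condensed from the quoted email.
SAMPLE = """\
From: "MediaDefender Inc." <reports@sender.example>
To: recipient@mail.example
Subject: Your internet activity
Content-Type: text/plain; charset="utf-8"

Dear User!
Your recent internet activity was logged on the following sites:
* Btjunkie
* Mininova
hxxp://XXXXX.net/report_78478XX.exe
You can expect prosecution by 17 U.S.C.512 laws.
"""


def triage(raw: str) -> list[str]:
    """Return the lure indicators found in one RFC 5322 message (hypothetical names)."""
    msg = message_from_string(raw, policy=default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    findings = []
    if GREETING_RE.search(body):
        findings.append("generic-salutation")
    if STATUTE_RE.search(body):
        findings.append("statutory-threat")
    for url in URL_RE.findall(body):
        # Refang only so urlsplit can parse the path; the URL is never fetched.
        path = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).path
        if path.lower().endswith(EXEC_EXT):
            findings.append("link-to-executable:" + path.rsplit("/", 1)[-1])
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            findings.append("executable-attachment:" + name)
    return findings
```

Because only the final extension is tested, an attachment named like `log.txt.scr` is flagged even though it looks like a text log at a glance.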
43 Responses
Well, that’s just lovely.
Though I can’t be sure how effective this could actually be, since I wouldn’t open an anti-piracy email if I got one. :P
Especially from MediaDefender.
Ridiculous.
What is the name of the attached file?
1) I am not in the US
2) Hope they got on my email save list… ;)
I hope that they realize that the people who download pirated files are smart enough to scan all exe’s before opening them. They are probably also smart enough to simply not open exe’s from unknown sources (especially enemy ones)
First thing I would probably notice would be the .exe… then probably the lack of IP/money demands, and the generic attributes of the letter… and the email it came from
If you’re dumb enough to open a log file in .EXE format, maybe you should get a virus.
Wasn’t that company disbanded?
if you’re dumb enough to still be using torrents, the joke’s on you if you get infected with that…
You would be surprised at just how many people would open it. Don’t forget that this scam is aimed at everyone, not just file sharers. A very large percentage of computer users have no technical knowledge.
I also notice that The Pirate Bay is missing from the list, so the authors of this spam are not too intelligent.
Uh, this is nothing new.
And the policy of don’t download and run anything executable still applies.
You have to be a complete moron to run these things.
That EXE doesn’t look good…
Do they use the same email address to send the email from every time, or a random one? If it is just one, can you post it so we can add it to a block list, please?
This should put them behind bars. Spreading viruses hahah what a tactic to use.
I received this email around 1 year ago. I just trashed it at that time. LOL.
To the more experienced and BitTorrent savvy users it is clear that the email is a scam. First of all, MediaDefender has never been involved in anti-piracy enforcement. The only thing they do is spoofing, flood BitTorrent sites with fake files, and the occasional DDoS attack on Revision3.
In addition, the email claims to have data on what the user searched for on the sites, which is irrelevant and practically impossible. It seems that the spammers should have done some more research on the topic. A good spammer would have included The Pirate Bay in the list of sites instead of Getinvites, which is a BitTorrent invite trading site, and not a search engine.
A related scam email, sent out by the same group of people judging by the style and format, is also targeted at filesharers and threatens to suspend their Internet connection. The email claims to be sent by the Internet service provider consortium, and again includes an infected attachment with a report.
The email is a clever scam that shows how mainstream BitTorrent has become. The emails are sent out randomly, but many recipients, scared of being cut off by their ISP, or sued for downloading copyrighted material, might open the infected attachment without realizing that it is a scam.
One thing everyone has omitted mention of — who actually registers their email address at any of the bittorrent sites they download stuff from?
Hmmm…?
Yeah, of course not. So how would they contact you by email if it was real anyway?
Logic.
Honestly I want to get an email like this, open it up in a virtual machine of some sort, or a useless computer that has nothing but an operating system on it, and see what happens.
Wait, how would the scammers contact you in the first place?
Actually I want more of this stuff, I want scams in mailboxes all over!
More people get to know about the modern worldwide mafia.
“or searched” hahahahah, so its a crime just to think about doing things now.
Wow, free speech huh?
Hey, try to enforce: “We strongly advise you to stop any future activities regarding the downloading of illegal content or you can expect prosecution by 17 U.S.C.512,1201?1205,1301?1332; 28 U.S.C. 4001 laws.”
Try to enforce that US Federal Law, on a sovereign nation, that does not follow US laws.
However, I do respect they are the World Police… fuck ya. Freedom isn’t fuckin’ free, YOU have to pay a hefty fuck’n fee
First, running an operating system where .exe files pose no threat, I laugh once again by the ignorance and stupidity of people who just follow everyone else… ohhhhh here we go…
A) If you fall for this, you deserve to be castrated and sodomized (anals), not necessarily in that order.
B) Obviously its a scam, a hilarious one at that, because you idiots fall for it.
C) by reading this, you can expect prosecution by 17 U.S.C.512,1201?1205,1301?1332; 28 U.S.C. 4001 laws.
hahaha look up that particular law… its a federal law, unconstitutional easily fought in the higher courts, if you have the time/intelligence/free will. Secondly, outside of the US? hahaha you already are winning!
Sheeple “MediaDefender I love it when you shove your gigantic falis into my tight little arse and go to town… ummmmmmm ya, okay okay whats that? Okay, I will stop downloading… oh yeah thats the spot, get the fist…”
Yeah, Media defender founders (two limpdick loosers) needs to be taking out back, shot, then their families will receive the 1.75 bill for the bullet and the shallow grave digging bill. Because they can’t get it up, they think they can expload their whiteshots of power all over the world.
@21
Anals… classic
This type of bot is nothing new, just the way its being sent.
I’d never dl any of that BS, but I got a nasty trojan on my computer thanks to TPB when it was all messed up and redirecting my traffic. Had to reformat the ‘ol PC, I wish this on not even my worst enemies because it disables all anti-virus software – and believe me I tried every single option out there!
this is why i use demonoid
Surely pirates don’t buy anything off the internet, ergo have no need to enter banking details.
LOL. You have to be a rather ignorant person to buy an exe being some sort of a report. I’d like to think torrent users are mostly smarter than that – or perhaps some aren’t, but they might be getting a lesson very soon…
@27
if you use demonoid u will get just as many letters and scams..
Since I use Sandboxie for opening everything – I would be unaffected – LOL Epic FAIL!
OMG – The Pirate Bay has been bought out…
http://techdirt.com/articles/20090630/0104135410.shtml
A company I’ve never heard of claims to have bought The Pirate Bay.
http://www.globalgamingfactory.com/
What’s the problem? We’ll just start a new site. It’s not like we really have to keep using TPB – Let’s just start The Pirate Lake or something.
Isn’t it a felony in the u.s. to knowingly send a virus to another person?
Let’s see… Haven’t logged in to the email/personal account I got together with the internet subscription from my isp… since 3-4 years back…
=> Chances I’ll find myself reading this email ~0%.
…And it would not make much sense for them to send them to the web mails I use, even if, or rather especially if valid, they wouldn’t exactly be able to prove any connections… (of course I understand that the above creates some risk for the connection if unread VALID warnings keep piling in the ‘unused’ account, but I choose not to worry too much.)
I have not been downloading torrents that long, I’m kinda new to it, but Shi’t, I don’t read stuff like that, so fuc’k off MediaDefender, you skanks
Linux for the Win! Just TRY to make a virus that will work on that. :P
All people assume the attachment is .exe, but very often they send .scr,
so some people fall for it.
Be aware.
I hope the anti-virus vendors get this detected fast.
Makes me glad to be a linux user! The ultimate .exe file blocker.
Gee, thanks “MediaDefender” for the list of torrent sites. Now I know a few extra places where I can download stuff. hehe :)