In late March or very early April 2010, a fairly unusual and in parts quite ingenious piece of malware started circulating. After a Windows user was infected with a file – iqmanager.exe in a sub-directory of /documents and settings – the badware went to work, scanning the host machine for evidence of BitTorrent use.
Once the malware had found .torrent files, it used their filenames to generate a fake ‘copyright infringement’ report warning the user that their ‘offenses’ could result in 5 years in prison and a $250,000 fine.
Of course, in the true spirit of all pay-up-or-else schemes, they were also given the option to make the whole thing go away by paying a ‘fine’ of around $400, as can be seen from the screenshot below.
The whole scam was run by an outfit calling themselves the ICCP Foundation and now, thanks to a report from security expert Brian Krebs, we can see what kind of money was involved in this scam.
Last year, thousands of documents were leaked from Chronopay, Russia’s largest processor of online payments, and Krebs managed to get his hands on them. They revealed that Chronopay is up to its neck in the operations of “high-risk” industries – ones with the greatest chance of credit-card chargebacks and the companies involved doing high-speed disappearing acts.
Krebs notes that Chronopay “handsomely profited from the market for scareware, programs that infiltrate victim PCs to display fake security alerts in a bid to frighten users into paying for worthless security software,” so it comes as no surprise that ICCP Foundation – or ICCP-Online as they are referred to in Chronopay’s documents – are partners of the payment processor.
As can be seen from the cropped screenshot below, hundreds of people fell for the scam, with 451 people using Visa to pay nearly $220,000 and 129 using Mastercard to hand over just under $63,000.
With 580 people paying $283,000, each payment works out to around $483, which sounds roughly right given the sample screenshots provided to TorrentFreak when we first reported the scam. Krebs points out that the message in Russian at the top of the email says that the calculation formula may have been producing errors, but this appears to be a reference to the fraud counts as highlighted in yellow on the full screenshot, which can be found here.
It's worth mentioning that these figures only show 2 active months for the scam, so the true amounts could actually be higher.
If anything, the above shows how easy it is to extract money from BitTorrent users, whether one is a legitimate lawyer, a scam artist, or one of the copyright trolls that fall in between.