So I received an email from a very perceptive user the other day. The request was to look into a suspicious e-mail that accused this user of copyright infringement:
“To whom it may concern,
It has come to our attention that you have made an unauthorized use of my copyrighted work in the preparation of a work derived therefrom. We have reserved all rights in the Work, which was first published in 2008, and we have registered the copyright.
The copyrighted images which appear on your web site, are essentially
identical to the Work and clearly used the Work as its basis.
You neither asked for nor received permission to use the Work as the basis
for it nor to make or distribute copies of it. Therefore, we believe you
have willfully infringed our rights under 17 USC Section 101, et seq. and
could be liable for statutory damages as high as $100,000.
I demand that you immediately cease the use and distribution of all
infringing works derived from the Work, and all copies of it, and that you
deliver to us all unused, undistributed copies of it, or destroy such copies
immediately, and that you desist from this or any other infringement of my
rights in the future. If we have not received an affirmative response from
you by 10/05/2010 indicating that you have fully complied with these
requirements, we will be taking the full legal remedies available to rectify
Attached you will find the list of the copyrighted material you are
This particular email had a password-protected zipped (rar) attachment called n2nh1, and inside that zipped folder was a single Word file named attachment. Inside the Word file was a packaged PDF file that asked you to click to view the “list”. Inside the PDF was an exe file that supposedly contained the “lawsuit”. Another variation contains prompts and malicious links that lead the victim to web sites that install malicious code onto a computer.
Obviously, at this point, any discerning person should immediately recognize this for what it is. What we had here was a shakedown of the kind that has been steadily growing in recent months: pay us or we will sue you. This seems to be a rehash of the old tactics employed by Davenport Lyons, ACS Law, Digiprotect, etc.
The immediate red flag was the absence of any reference to the “offending material”. Second, I noticed that there was no signature attached – name, dept., phone number etc. Third, the email address was spoofed. A quick look at the email header showed that the origin of the IP address was different from that of the domain that was supposedly accusing this user of infringement. Most importantly, any attorney with an iota of self-respect would not send you a notice of infringement by email! That is what certified mail is for. The purpose of this particular tactic is not clear, but I suspect that the intent is to install fake files on a computer system that can later be used to accuse the victim of some illegal file sharing activity or copyright violation.
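The header check described above can be scripted. The Python below is an added example, not part of the original post: the sample message, its domains and its IP address are constructed, and it assumes the receiving mail server records a Received-SPF header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation domains and IP, not the message from this post.
SAMPLE = """\
Return-Path: <legal@lawfirm.example>
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
    by mx.recipient.example with SMTP; Mon, 04 Oct 2010 09:12:01 -0400
Received-SPF: fail (mx.recipient.example: domain of lawfirm.example
    does not designate 203.0.113.45 as permitted sender)
From: "Legal Department" <legal@lawfirm.example>
Subject: Notice of copyright infringement
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

To whom it may concern, ...
--b1
Content-Disposition: attachment; filename="notice.rar"

(constructed placeholder, no real archive data)
--b1--
"""

RISKY_EXT = (".rar", ".zip", ".7z", ".exe", ".scr")

def domain(header_value):
    """Lower-cased domain of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg, flags = message_from_string(raw), []
    claimed, envelope = domain(msg["From"]), domain(msg["Return-Path"])
    if claimed and envelope and envelope != claimed and not envelope.endswith("." + claimed):
        flags.append(f"From domain {claimed} != Return-Path domain {envelope}")
    # Received-SPF is stamped by the receiving server (assumed present, see lead-in).
    spf = (msg["Received-SPF"] or "").split(None, 1)
    if spf and spf[0].lower() in ("fail", "softfail"):
        # The topmost Received header is the one added by the recipient's own server.
        hop = re.search(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]", (msg.get_all("Received") or [""])[0])
        flags.append(f"SPF {spf[0].lower()} for {envelope}, connecting IP {hop.group(1) if hop else 'unknown'}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append(f"attachment {name}")
    return flags
```

Call `triage()` with the raw source of a saved message; an empty list means none of these three checks fired, not that the message is safe.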
The US-CERT (Computer Emergency Readiness Team) has an alert on this scam and has a few pointers on how to mitigate the risk associated with it. It is easy for most tech-savvy people to thumb their noses at those who fall for this pedestrian scam, but many computer users out there are not aware of these dangers, and they are the target of these kinds of scams. Many are so afraid of the sometimes ridiculous nature of our legal system that they would rather “just pay up” than spend endless time fighting a system that wants you to answer “Yes or No, Mr. John Doe?”
This is not the only kind of ransom-ware out there. There are more insidious kinds that install trojans on the computers of unsuspecting users through an “Online Virus Scan” scheme, and the victim is held hostage until they buy (“activate”) the “anti-virus/anti-spyware” software from the hijacker. A good example of this is the XP Internet Security 2010, XP Guardian, Antivirus XP 2010 rogue anti-spyware program that has been making the rounds.
Bottom line, if you receive an email accusing you of something you know is definitely ridiculous, and it contains an attachment, delete it. A serious accuser ought to send you a “snail mail”.