Malware Extorts Cash From BitTorrent Users | TorrentFreak http://torrentfreak.com/malware-extort-cash-from-bittorrent-use...

TorrentFreak

Malware Extorts Cash From BitTorrent Users

Written by enigmax on April 11, 2010

A new type of malware is riding the wave of file-sharing pre-settlement letters by infecting BitTorrent users’ machines and then demanding payments in order to make imaginary lawsuits go away. ICPP Foundation try to give the impression they are RIAA and MPAA affiliated but the whole thing is a scam to extort cash and obtain credit card details.

ICPP Foundation claims to be an international company operating out of Switzerland. They say they are “committed to promoting the cultural and economic benefits of ” while assisting their partners to fight “copyright theft around the world”.

In fact what they really do is operate a scam to extort money from BitTorrent users.

Right at this moment we are unsure of the exact route of infection, but somehow malware (probably in either fake file or attached virus form) is displaying a “copyright violation alert” on the victim’s screen, locking it, and redirecting users to the ICPP site where they are told they have been caught infringing copyright.

There they are warned their offenses could result in 5 years in prison and a $250,000 fine and are given the option to take the (fake) case to court. They are also offered a chance to make the whole thing go away for the payment of a ‘fine’ of around $400. Victims are also prompted to give their name, address and full credit card details – it is unclear how this information is further abused but it doesn’t look good.


If they select the court option, they are scared with this screen:

So that this evil software (believed to be located at C:\Documents and Settings\Administrator\Application Data\IQManager\iqmanager.exe) more accurately targets BitTorrent users rather than just random users, it appears to scan the user’s hard drive for .torrent files and displays these as ‘evidence’ of an earlier infringement.

In order to boost their credibility, icpp-online.com claim to be affiliated with influential partners – the RIAA, MPAA, and The Copyright Alliance. Of course, this is a complete fabrication.

This whole approach seems very similar to that employed by so-called ‘rogue software’ or ‘scareware’, which attempts to frighten users into parting with cash for often useless software. And it seems the links to malware don’t stop there.

A WHOIS on the ICPP-Online domain reveals some contact data which shows up elsewhere in connection to other questionable activities.

Details on this new threat are scarce at the moment, so if any readers can discover more about this malware or the operation behind it, please collate the information and send it over to [email protected].
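A triage check for the file location reported above, added here as an example (it is not part of the original article or TorrentFreak's code): it looks in every user profile for IQManager\iqmanager.exe and hashes any hit so the sample can be identified when reporting it. The function names, the extension to profiles other than Administrator, and the AppData\Roaming variant are assumptions.

```python
import hashlib
from pathlib import Path

# Location reported in the article, relative to a profile directory (first entry).
# The AppData\Roaming form used by Vista and later is an assumption.
PROFILE_ROOTS = ("Documents and Settings", "Users")
RELATIVE_PATHS = (
    ("Application Data", "IQManager", "iqmanager.exe"),
    ("AppData", "Roaming", "IQManager", "iqmanager.exe"),
)


def _entries(parent):
    """List a directory, treating unreadable or missing ones as empty."""
    try:
        return sorted(parent.iterdir())
    except OSError:
        return []


def _child(parent, name):
    """Case-insensitive lookup of one path component, as NTFS would do."""
    for entry in _entries(parent):
        if entry.name.lower() == name.lower():
            return entry
    return None


def find_iqmanager(drive_root):
    """Check every user profile under drive_root; return one dict per hit."""
    hits = []
    for root_name in PROFILE_ROOTS:
        profiles = _child(Path(drive_root), root_name)
        for profile in _entries(profiles) if profiles else []:
            for parts in RELATIVE_PATHS:
                target = profile
                for part in parts:
                    target = _child(target, part) if target else None
                if target is not None and target.is_file():
                    digest = hashlib.sha256(target.read_bytes()).hexdigest()
                    hits.append({"profile": profile.name, "path": str(target),
                                 "size": target.stat().st_size, "sha256": digest})
    return hits


if __name__ == "__main__":
    for hit in find_iqmanager("C:\\"):  # point at a mounted image for offline triage
        print(hit)
```

An empty result only means the file is not at the reported location; the article itself says the path is "believed" and the infection route is unknown.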

Saved in: DRM and Other Evil Tags: ICPP-Online, IQManager


101 Responses

1 Apr 11, 2010 at 22:22 by Zachary D.

It is honestly too bad that people can actually fall for these without first performing research – but it does work.

People who extort natural human thinking patterns through social engineering for purposes such as this deserve what's coming to them in my opinion.

-Zachary

2 Apr 11, 2010 at 22:24 by Anonymous

Wait till you see web browser pop-ups that do the same thing in a few months. Then it will get bad.

3 Apr 11, 2010 at 22:24 by layerbakes

eradicate it with anti-scareware!!
