4:44 am (UTC-7) | by Jonathan Leopando (Technical Communications)
In recent years, the music and movie industries have become more aggressive in suing users accused of illegally sharing content. Large-scale mass lawsuits, previously used largely in Britain and Germany, have now made their way to the U.S. shores.
Given a climate wherein some users are afraid of legal threats, it is no surprise that cybercriminals have adapted this technique for their own scams as well. A new file detected as ADW_ANTIPIRACY uses this technique and combines it with methods similar to those used by rogue antivirus malware.
Like countless other FAKEAV variants, ADW_ANTIPIRACY displays a fake pop-up window. This one, however, states that information will be passed on to the courts for the appropriate lawsuits.
A larger alert window is also used by this spyware, which states the copyright violations the user allegedly carried out and contains an offer for a pretrial settlement. This step is analogous to offers to purchase a product for FAKEAV malware.
Like particularly troublesome FAKEAV variants, ADW_ANTIPIRACY also changes the user’s desktop wallpaper and displays fake warnings in the taskbar.
ADW_ANTIPIRACY offers to “solve” the user’s legal problems if he/she settles the lawsuit for a fixed amount of money, in this case, US$399.85. Again, this is similar to FAKEAV malware, which offers to “sell” a user an antivirus to “remove” the infections found.
The pop-up windows of the spyware say that a group known as the ICCP Foundation is responsible for the threatened lawsuits. In fact, a legitimate-looking website for the said (fictitious) group was also set up, although this has since been blocked as a malicious site by Trend Micro. Given the similarity in techniques, however, it is possible that the cybercriminals behind this particular scheme had previous “experience” with FAKEAV attacks.
In the past, we have encountered other attacks that leveraged worries over copyright-related lawsuits as social engineering techniques. Just last month, a spam run using this technique was found. In August and September 2008, spammed messages threatening to cut off users’ Internet access were also encountered.
Trend Micro™ Smart Protection Network™ protects users from this kind of threat by blocking access to all related malicious URLs and preventing the download and execution of the malicious file.
Share this article