Trend Micro Advanced Threats Researchers Ivan Macalintal and Paul Ferguson report that Internet spammers have turned to file-sharing scare-tactics. This is to entice would-be victims to open a malicious attachment, threatening the unfortunate recipients with interrupted Internet connectivity or legal action.
Here are screenshots of two sample email messages:
Figure 1. A certain “ISP Consorcium” [sic] purports to protect the rights of software authors by monitoring networks.
Figure 2. Media Defender, a company known to protect clients from copyright infringement, was used this time. The spam says that the company claimed to have logged Internet activity on several BitTorrent sites.
Recipients are most likely to be motivated by fear to fall for this ruse. It is, after all, the Internet surfer’s worst nightmare to have all their Internet activities known to other parties — epecially those who threaten legal prosecution.
These spam runs seem to use a self-righteous tone against piracy, which makes the ruse even all the more believable. (Remember the Feds supposedly scanning Facebook accounts? Or how about the even more far-fetched one about the death of the Internet?)
However, downloading the attached file is not in the recipient’s best interests. We advise users to consider all unsolicited email suspect. We are currently investigating this incident and will update this entry as more information becomes available.