Fake copyright infringement warnings used to spread ransomware


Recently Techlicious received a handful of posts in our comments section claiming that one of our images infringed copyright. We take copyright seriously, so these posts immediately caught my attention. But what I discovered could have been a lot worse: there was no copyright issue; it was a ploy to trick us into installing a ransomware Trojan that could have disrupted our business significantly.

Fortunately, I am very familiar with how to recognize malware and scams in general. But it would be easy for someone who is not technically sophisticated to be fooled by these hackers and put their company’s systems at risk.

Here are some examples of the messages we received in Techlicious comments [with the Google Sites URL removed]:

Hi!

My name is Jessica.

Your website or a website hosted by your business infringes copyrighted images owned by me.

Check out this document with links to my images you used on www.techlicious.com and my previous posts for proof of my copyright.

Download it now and check it out for yourself:

https://sites.google.com/view/[redacted]

I believe you have willfully violated my rights under 17 USC Section 101 et seq. and could be liable for damages of up to $ 150,000, in accordance with section 504 (c) (2) of the Digital Millennium Copyright Act (“DMCA”).

This letter is an official notification. I request the removal of the counterfeit material mentioned above. Please note that as a service provider, the Digital Millennium Copyright Act requires you to remove or disable access to infringing material upon receipt of this notice. If you do not stop using the above copyrighted material, legal action will be taken against you.

I have a good faith belief that use of the copyrighted material described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.

I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Best regards,
Jessica martin

and

Hi!

It’s Melangelle and I am a graduate photographer and illustrator.

I was taken aback, to put it mildly, when I came across my images on your website. If you use a copyrighted image without the owner’s permission, you should be aware that you could be sued by the owner.

It is not legal to use stolen images and it is so nasty!

Check out this document with links to my images you used on www.techlicious.com and my previous posts for proof of my legal copyright.

Download it now and check it out for yourself:

https://sites.google.com/view/[redacted]

If you do not remove the images mentioned in the above file over the next few days, I will file a case with your web host to let them know that my copyright has been seriously infringed and that I am trying to protect my intellectual property.

And if that doesn’t help, trust me, I’ll go to court! And I won’t give you any prior notice.

At first glance, this sounds pretty scary and will likely cause many site owners to click on the link to learn more about the details of the charge. When you do, you are taken to a web page with a link to a file containing your “proof of copyright infringement”.

In the version of the scam we received, the download is a .zip file that contains a JavaScript (.js) file called “Copyright Infringement Evidence.js”. I ran the file through VirusTotal and it came back as a backdoor Trojan, identified as js.Trojan.Cryxos.5779 and JS/Kryptik.BXN, which can be used to install ransomware and other malicious programs. Only 8 of VirusTotal’s 61 malware scanning engines detected it (BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO-Antivirus), which means it currently has a strong chance of getting through most anti-malware protections.

[Screenshot: VirusTotal scan results for the Copyright Infringement Evidence.zip file, showing only 8 of 61 scan engines that recognize the ransomware: BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO-Antivirus]

Although this ransomware attack was directed at Techlicious through comments on the site, I can easily see the same method of attack being attempted via email. It is therefore an important reminder to be especially careful when downloading files from third parties or unknown sites, and never attempt to open a file with an extension of .js or .exe unless you know exactly what it is and where it came from. To learn more, read our 5 tips to protect yourself against ransomware.
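
One way to apply that advice before opening a download is to list a .zip file's contents without extracting anything and flag members that Windows would run on a double-click. The script below is an added example, not part of the original article; the extension list beyond .js and .exe, the function names and the sample archive are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows hands to a script host or runs directly.
# The article names .js and .exe; the others are an added generalization.
RISKY_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
    ".exe", ".scr", ".bat", ".cmd", ".ps1", ".lnk",
}


def risky_members(zip_bytes):
    """Return names of archive members with a risky final extension.

    Only the archive's directory listing is read; nothing is extracted.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces in file names, so
            # "evidence.js." still opens as a script: strip them first.
            name = info.filename.replace("\\", "/").rstrip(". ")
            # Only the last suffix decides what runs ("report.pdf.js" is .js).
            if PurePosixPath(name).suffix.lower() in RISKY_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def build_sample(names):
    """Build an in-memory .zip with inert placeholder files (constructed data)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    # Constructed sample mirroring the file name reported in the article.
    sample = build_sample(["Copyright Infringement Evidence.js", "readme.txt"])
    for member in risky_members(sample):
        print("Do not open:", member)
```

A clean result only means no member has one of the listed extensions; it says nothing about whether the remaining files are safe.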

If you have received a similar post (on your site or via email), please post it in the comments below so others will find it on a Google search and avoid the risk of having their systems compromised.

[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]

Josh Kirschner is the co-founder of Techlicious and has been covering consumer technology for over a decade. Prior to founding Techlicious, he was Marketing Director for Inform Technologies, a start-up provider of semantic technology to media companies. Prior to Inform, Josh was senior vice president and general manager in the financial services industry. Josh started his first business while still in college, a student-focused consumer electronics retailer.


