Incident Response, Malware, Network Security, TDR, Threat Management

BitTorrent users targeted in new trojan extortion ploy

Story updated on Tuesday, April 13 at 10:40 a.m. EST

Step aside, rogue anti-virus software. There is a new scareware method in town.

Security experts warned on Monday that attackers are targeting users of BitTorrent, a file-sharing application, in a novel scam that attempts to panic them into spending cash to avoid fines and imprisonment.

The extortion ploy works like this: A trojan is installed on victims' machines and it elicits pop-up messages in BitTorrent. It is unclear how the malware, dubbed Rogue:W32/DotTorrent.A by security firm F-Secure, is installed on affected systems.

The messages falsely inform users that a scanner has uncovered illegal torrents in their system and, if victims fail to pay nearly $400 as part of a "pre-trial settlement," they face stiff penalties, Mikko Hypponen, chief research officer at F-Secure, said Monday in a blog post.

The bogus "copyright violation alerts" claim to come from ICPP Foundation, a rogue organization whose website became inaccessible on Monday, and threaten five years in prison and $250,000 in fines for failing to pay up.

Hypponen said the ruse is "completely fake" and will appear even if a user's BitTorrent program contains all legal files.

"Most importantly: Refuse to pay money to these clowns," he said. "If people pay them, the problem will only grow bigger."

Simon Morris, vice president of marketing and products at BitTorrent Inc., told SCMagazineUS.com in an email Monday that the San Francisco-based company was aware of reports of the racket but has not received any complaints from customers.

"We often hear from users who have been tricked into paying for our freeware — sadly a common problem with popular freeware — but have not yet spoken with anyone caught up in this type of scam," he said. "Obviously we think it is all quite unfortunate."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.