Tech Made Simple


Fake Copyright Infringement Warnings Used to Spread Ransomware

May 12, 2021
in News, Computers and Software, Computer Safety & Support, Blog


Recently, Techlicious received a handful of posts in our comment section claiming that one of our images is violating copyright. We take copyright very seriously, so these posts immediately got my attention. But what I discovered could actually have been much worse – there was no copyright issue; it was all a ruse to trick us into installing a ransomware trojan that could have significantly disrupted our business.

Fortunately, I'm very familiar with how to recognize malware and scams, in general. But it would be easy for someone who isn't technically sophisticated to be fooled by these hackers and put their company's systems at risk.

Here are a couple of examples of the posts we received in the Techlicious comments [with Google Site URL removed]:

Hi!

My name is Jessica.

Your website or a website that your company hosts is infringing on a copyright-protected images owned by myself.

Check out this document with the links to my images you used at www.techlicious.com and my earlier publications to get the evidence of my copyrights.

Download it now and check this out for yourself:

https://sites.google.com/view/[redacted]

I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.

This letter is official notification. I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.

I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.

I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Best regards,
Jessica Martin

and

Hi there!

This is Melangelle and I am a qualified photographer and illustrator.

I was baffled, to put it nicely, when I came across my images at your website. If you use a copyrighted image without an owner's permission, you must know that you could be sued by the owner.

It's not legal to use stolen images and it's so mean!

Check out this document with the links to my images you used at www.techlicious.com and my earlier publications to obtain the evidence of my legal copyrights.

Download it right now and check this out for yourself:

https://sites.google.com/view/[redacted]

If you don't delete the images mentioned in the file above during the next several days, I'll file a to your hosting provider letting them know that my copyrights have been severely infringed and I am trying to protect my intellectual property. 

And if it doesn't help, trust me I am going to take it to court! And I won't give you a prior notice again.

At first blush, that sounds pretty scary and is likely to get many site owners to click on the link to learn more about the details of the accusation. When you do, you will be served a webpage with a link to a file with your "copyright infringement evidence."

[Screenshot: scam page showing "File 'Copyright Infringement Evidence' is ready for download. Your download should begin automatically. Didn’t work? Try downloading again. Download my file"]

In the version of the scam we received, the download is a .zip file containing a JavaScript (.js) file called "Copyright Infringement Evidence.js". I ran the file through VirusTotal and it came back as a backdoor trojan – identified as js.Trojan.Cryxos.5779 and JS/Kryptik.BXN – that can be used to install ransomware and other malicious programs. Only 8 of the 61 malware scanning engines in VirusTotal picked this up (BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO-Antivirus), meaning it currently has a high chance of slipping through most antimalware protection.

[Screenshot: VirusTotal results from scanning the Copyright Infringement Evidence.zip file, showing only 8 of 61 scanning engines recognizing the ransomware: BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO-Antivirus]

[EDITOR'S NOTE 8/12/2021: recent versions of this attack sent in by users are even more effective at evading antimalware protection. One sample was only picked up by a single vendor, NANO-Antivirus, a Russian-based antimalware organization, as Trojan.Script.Heuristic-js.iacgm. See: https://www.virustotal.com/gui/file/f2eeebca7c5d232cb4dce3698339a587ae6dc7cc98906d86573fe09a196ed95e/detection]

While this ransomware attack was directed against Techlicious through site comments, I can easily see the same attack method being attempted through email. [EDITOR'S NOTE 5/13/21: readers are reporting in the comments below that the hackers are submitting these attacks through site Contact Us forms, as well.] So it's an important reminder to be especially cautious when downloading any files from unknown third parties or sites, and never try to open any file with an extension of .js or .exe unless you know exactly what it is and where it came from. To learn more, read our 5 tips to protect yourself against ransomware. You can also report the malware page to Google's malware reporting tool.
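One way to check a downloaded archive before anyone double-clicks it is to list its members without extracting them. This is an added example, not code from the original article; the extension lists beyond .js and .exe, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .js and .exe are the extensions the article warns about; the others are an
# assumed, non-exhaustive list of types Windows also runs on double-click.
RISKY = {".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd", ".lnk"}
NESTED = {".zip", ".7z", ".rar", ".iso", ".img"}
DECOY = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt"}


def triage_zip(data):
    """Return [(member_name, [reasons])] for risky members, reading only the
    ZIP central directory. Nothing is extracted or executed."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a ZIP archive")
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces from file names, so
            # "evidence.js." still opens as a .js file.
            name = info.filename.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            last = suffixes[-1] if suffixes else ""
            reasons = []
            if last in RISKY:
                reasons.append("runs code when opened")
                if len(suffixes) > 1 and suffixes[-2] in DECOY:
                    reasons.append("document-style double extension")
            elif last in NESTED:
                reasons.append("nested archive, contents not inspected")
            if info.flag_bits & 0x1:  # bit 0 of the ZIP flags marks encryption
                reasons.append("encrypted member, scanners cannot read it")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip(names):
    """Build an in-memory ZIP with harmless placeholder content (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder text, not real code")
    return buf.getvalue()


# Constructed sample: the first member name is the one reported in the article,
# the rest are invented to exercise the other checks.
SAMPLE_ZIP = build_sample_zip([
    "Copyright Infringement Evidence.js",
    "readme.txt",
    "Scan.PDF.JS.",
    "extra/more.zip",
])

if __name__ == "__main__":
    for member, reasons in triage_zip(SAMPLE_ZIP):
        print(f"{member!r}: {'; '.join(reasons)}")
```

An empty result only means no member matched these lists; it says nothing about what a listed document or image actually contains.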

If you've received a similar message (on your site or via email), please post in the comments below [with the malware URL and any contact information redacted] so others will find it when doing a Google search and avoid the risk of having their systems compromised.
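The notices quoted on this page reuse the same few phrases while varying abbreviations, spacing and synonyms between copies. The following is an added example, not code from Techlicious: a filter for comment or contact-form text that scores those phrases and the download hosts seen in the quoted notices. The sample messages, the threshold and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Wording shared by the notices quoted on this page. Copies differ in
# abbreviations and spacing ("Sec."/"Section", "504 (c) (2)"), so each pattern
# is deliberately loose.
PHRASES = {
    "statute_citation": re.compile(r"17\s*U\.?S\.?C\.?\s*Sec(?:tion|\.)?\s*101", re.I),
    "damages_clause": re.compile(r"504\s*\(c\)\s*\(2\)", re.I),
    "damages_amount": re.compile(r"statutory damages?\b.{0,30}?\$\s?\d{2,3},\d{3}", re.I | re.S),
    "download_push": re.compile(r"download it (?:right )?now and check this out for yourself", re.I),
    "perjury_oath": re.compile(r"under (?:penalty|consequence) of perjury", re.I),
}
# Hosts the quoted notices used for the "evidence" download.
EVIDENCE_HOSTS = {"sites.google.com", "storage.googleapis.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
FLAG_THRESHOLD = 3  # assumed cut-off; tune it against your own submissions


def link_hosts(text):
    """Return the lower-cased host names of every URL found in the text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlparse(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced brackets in the host
            continue
        if host:
            hosts.add(host.lower())
    return hosts


def score_submission(text):
    """Score one comment or form message against the shared template."""
    hits = [name for name, pattern in PHRASES.items() if pattern.search(text)]
    if link_hosts(text) & EVIDENCE_HOSTS:
        hits.append("evidence_on_file_host")
    return {"hits": sorted(hits), "flag": len(hits) >= FLAG_THRESHOLD}


# Constructed samples. The first imitates the wording of the notices on this
# page with a placeholder link; the other two are ordinary messages.
SAMPLE_NOTICE = (
    "Hello, Your website is infringing on copyrighted images owned by our company. "
    "Download it right now and check this out for yourself: "
    "https://storage.googleapis.com/constructed-example.appspot.com/m/placeholder "
    "I believe you infringed our rights under 17 USC Sec. 101 et seq. and can be "
    "liable for statutory damage of up to $110,000 as set-forth in Sec. 504 (c) (2) "
    "of the DMCA. I swear, under consequence of perjury, that this is correct."
)
SAMPLE_TAKEDOWN = (
    "I have a good faith belief that the use is not authorized. I swear, under "
    "penalty of perjury, that this notice is accurate. The image is at "
    "https://www.example.com/post and my original is at https://portfolio.example/original."
)
SAMPLE_ENQUIRY = (
    "Hi, I think one of my pictures appears in your article. Could we talk about "
    "a credit line? My portfolio is at https://portfolio.example/gallery."
)

if __name__ == "__main__":
    for label, text in [("notice", SAMPLE_NOTICE), ("takedown", SAMPLE_TAKEDOWN),
                        ("enquiry", SAMPLE_ENQUIRY)]:
        print(label, score_submission(text))
```

A flagged message is a candidate for quarantine and review, not proof of malice; a plain takedown request with a perjury statement alone stays below the threshold.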

[Updated 5/25/2021 with information on Google malware reporting]

[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]

Josh Kirschner is the co-founder of Techlicious and has been covering consumer tech for more than a decade. Before founding Techlicious, he was the Chief Marketing Officer for Inform Technologies, a start-up provider of semantic technology to media companies. Prior to Inform, Josh was a SVP and Managing Director in the financial services industry. Josh started his first company while still in college, a consumer electronics retailer focused on students.




Copyright infringement violation

From Jackie Saul on July 18, 2022 :: 5:53 pm

Name: Bob Vazquez

Email Address: [redacted]@mailchimp.com

Subject: Attn: www.xxxx.co.nz DMCA Copyright Violation Notification email

Message: Hello, Your website or a website that your organization hosts is infringing on a copyright-protected images owned by our company (mailchimp Inc.). Take a look at this report with the URLs to our images you used at www.xxx.co.nz and our previous publications to obtain the evidence of our copyrights. Download it right now and check this out for yourself: https://storage.googleapis.com/jh76ceyau.appspot.com/m/[redacted] I believe that you willfully infringed our legal rights under 17 USC Sec. 101 et seq. and can be liable for statutory damage of up to $110,000 as set-forth in Sec. 504 (c) (2) of the Digital millennium copyright act (”DMCA”) therein. This letter is official notice. I demand the removal of the infringing materials mentioned above. Please be aware as a company, the DMCA demands you to eliminate or/and terminate access to the infringing materials upon receipt of this letter. If you don’t stop the utilization of the aforementioned copyrighted materials a lawsuit can be started against you. I do have a strong belief that use of the copyrighted materials described above as allegedly violating is not permitted by the copyright proprietor, its agent, or the legislation. I swear, under penalty of perjury, that the information in this message is correct and hereby affirm that I am certified to act on behalf of the owner of an exclusive right that is presumably violated. Sincerely yours, Bob Vazquez Legal Officer mailchimp, Inc. mailchimp.com 07/18/2022


Received via contact form

From Becca Norman on July 18, 2022 :: 8:27 pm

Message: Hello, Your website or a website that your company hosts is infringing on a copyright protected images owned by our company (mailchimp Inc.). Take a look at this official document with the URLs to our images you used at beccajnorman.com and our previous publications to obtain the evidence of our copyrights. Download it now and check this out for yourself: https://storage.googleapis.com/jh76ceyau.appspot.com/m/[redacted] I do think you’ve deliberately infringed our legal rights under 17 USC Sec. 101 et seq. and could be liable for statutory damage of up to $150,000 as set forth in Sec. 504(c)(2) of the Digital millennium copyright act (”DMCA”) therein. This letter is official notification. I seek the elimination of the infringing materials mentioned above. Take note as a service provider, the DMCA demands you to remove or terminate access to the infringing content upon receipt of this letter. If you do not cease the use of the above mentioned infringing content a law suit will be commenced against you. I have a strong self-belief that utilization of the copyrighted materials mentioned above as allegedly infringing is not authorized by the legal copyright owner, its legal agent, or the law. I swear, under consequence of perjury, that the information in this notification is accurate and hereby affirm that I am authorized to act on behalf of the owner of an exclusive and legal right that is presumably infringed. Sincerely yours, Senchual Jaleel Legal Officer mailchimp, Inc. mailchimp.com 07/18/2022


Same Bogus Message

From BL on July 18, 2022 :: 10:53 pm

I won’t bother to post the message. It’s the exact same template as all those above, still at it a year later. Mine comes from the name Chris Kostel as the email to reply to.

It definitely caught my attention, but I’m very glad I researched before clicking any links. Thanks for your helpful site! 

...The Bastards.


Full Email

From BL on July 18, 2022 :: 11:03 pm

...ChrisKostel@netsuite.com was the full email address.


The one I receive comes from zoho.com

From Hossein on July 20, 2022 :: 1:34 am

I have received many of these in the past year, but the one that I am wrapping my head around is this one, email sender is mailto:[redacted]@zoho.com

My question is that to me this email is legit. It is coming from @zoho.com but the content is the same as all other fake ones. Any comment?

Message: Hello, Your website or a website that your company hosts is violating the copyright protected images owned by our company (zoho Inc.). Take a look at this document with the hyperlinks to our images you utilized at www.xxx.com and our previous publications to find the proof of our copyrights. Download it now and check this out for yourself: https://storage.googleapis.com/t3zgeeevj.appspot.com/[redacted] I do believe you have willfully violated our rights under 17 U.S.C. Sec. 101 et seq. and could possibly be liable for statutory damage of up to $150,000 as set forth in Section 504(c)(2) of the Digital millennium copyright act (DMCA) therein. This letter is official notification. I demand the removal of the infringing materials described above. Please be aware as a company, the Digital Millennium Copyright Act requires you to remove or terminate access to the copyrighted materials upon receipt of this notification letter. If you don’t stop the utilization of the previously mentioned infringing materials a legal action can be started against you. I do have a good self-belief that use of the copyrighted materials described above as allegedly violating is not authorized by the copyright proprietor, its agent, or the law. I swear, under penalty of perjury, that the information in this notification is correct and hereby affirm that I am certified to act on behalf of the proprietor of an exclusive and legal right that is presumably infringed. Very truly yours, Paul Manoharan Legal Officer zoho, Inc. zoho.com 07/20/2022


Same scam

From Josh Kirschner on July 21, 2022 :: 9:08 am

These guys just spoof email addresses from legitimate companies to make the scam seem more believable. As you can see in the other comments, they use a number of well-known brands in the emails. The one you received is just more of the same.


It happened today on my blog comment page.

From Miyo on July 20, 2022 :: 3:37 am

Thank you for your research! It happened to me today…!


From: Kenneth <[redacted]@intuit.com>
Sub: japanwithfamily.com Digital Millennium Copyright Act (DMCA) Copyright Infringement Notification email

Message:
Hello,

Your website or a website that your company hosts is violating the copyright protected images owned by our company (intuit Inc.).

Take a look at this doc with the hyperlinks to our images you utilized at japanwithfamily.com and our previous publications to find the evidence of our copyrights.

Download it now and check this out for yourself:

https://storage.googleapis.com/q08f6ejjj.appspot.com/m/[redacted] 

I think that you intentionally infringed our legal rights under 17 USC Sec. 101 et seq. and can be liable for statutory damages as high as $120,000 as set-forth in Section 504 (c)(2) of the Digital millennium copyright act (DMCA) therein.

This message is official notification. I demand the removal of the infringing materials referenced above. Please be aware as a company, the DMCA demands you to remove and/or terminate access to the infringing materials upon receipt of this notification letter. If you do not cease the utilization of the previously mentioned infringing content a lawsuit can be started against you.

I do have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not approved by the legal copyright owner, its legal agent, or the laws.

I declare, under penalty of perjury, that the information in this letter is accurate and hereby affirm that I am authorized to act on behalf of the owner of an exclusive and legal right that is presumably infringed.


Best regards,
Kenneth Mujcic
Legal Officer
intuit, Inc.

intuit.com


Another example

From Robert Tyler on July 20, 2022 :: 11:47 am

To: XXX
Subject: New submission from Contact Us
Name
Matthew
Email
[redacted]@netsuite.com<mailto:[redacted]@netsuite.com>
Message
Hello,
Your website or a website that your company hosts is violating the copyrighted images owned by our company (netsuite Inc.).
Take a look at this official document with the links to our images you utilized at XXXX and our earlier publications to get the evidence of our copyrights.
Download it right now and check this out for yourself:XXXX
I do think you’ve deliberately infringed our rights under 17 U.S.C. Sec. 101 et seq. and could possibly be liable for statutory damages of up to $130,000 as set forth in Sec. 504(c)(2) of the Digital millennium copyright act (DMCA) therein.
This message is official notice. I seek the removal of the infringing materials described above. Take note as a service provider, the DMCA demands you to eliminate and/or deactivate access to the copyrighted materials upon receipt of this particular notice. If you do not cease the use of the previously mentioned copyrighted content a law suit will be started against you.
I have a strong self-belief that use of the copyrighted materials mentioned above as presumably violating is not permitted by the copyright proprietor, its legal agent, or the laws.
I swear, under penalty of perjury, that the information in this notification is correct and hereby affirm that I am certified to act on behalf of the owner of an exclusive right that is presumably violated.
Very truly yours,
Matthew Vega
Legal Officer
netsuite, Inc.
netsuite.com
07/18/2022
To help us reduce spam, please type the number 1826 in the field below.
rucr

Ref:MSG5055047


ANOTHER

From Brandon on July 20, 2022 :: 3:46 pm

FIRST OFF, THANK YOU FOR CREATING THIS POST!


Greg Rossetti, Greg
State  
Phone
    Country
Antigua and Barbuda
Email
[redacted]@hubspot.com
 


  - Hello,

Your website or a website that your company hosts is infringing on a copyright protected images owned by our company (hubspot Inc.).

Take a look at this document with the URLs to our images you used at www.XXXXXXXXXX.com and our earlier publications to find the evidence of our copyrights.

Download it now and check this out for yourself:

https://storage.googleapis.com/b4yzmvnrx.appspot.com/m/[redacted]

I believe you have intentionally violated our legal rights under 17 USC Sec. 101 et seq. and can be liable for statutory damages of up to $120,000 as set-forth in Section 504(c)(2) of the Digital millennium copyright act (”DMCA”) therein.

This message is official notification. I demand the removal of the infringing materials described above. Please take note as a service provider, the Dmca requires you to remove and deactivate access to the copyrighted content upon receipt of this particular notice. If you don’t stop the utilization of the previously mentioned copyrighted materials a lawsuit can be initiated against you.

I have a strong belief that utilization of the copyrighted materials mentioned above as presumably infringing is not approved by the legal copyright proprietor, its legal agent, as well as laws.

I declare, under consequence of perjury, that the information in this notification is correct and hereby affirm that I am authorized to act on behalf of the proprietor of an exclusive right that is presumably infringed.


Very truly yours,
Greg Rossetti
Legal Officer
hubspot, Inc.

hubspot.com


Got one through the contact form on our website

From GMG on August 16, 2022 :: 12:24 pm

From: Terry <[redacted]@hubspot.com>
Subject: [your-subject]

Hello,

Your website or a website that your company hosts is violating the copyright protected images owned by our company (hubspot Inc.).

Check out this document with the links to our images you used at gmggroup.org and our previous publications to get the proof of our copyrights.

Download it now and check this out for yourself:

https://storage.googleapis.com/ij3e862rr55f.appspot.com/[redacted]

I do think you have willfully infringed our legal rights under 17 U.S.C. Sec. 101 et seq. and can be liable for statutory damage as high as $130,000 as set forth in Section 504 (c)(2) of the Digital millennium copyright act (”DMCA”) therein.

This message is official notice. I seek the elimination of the infringing materials mentioned above. Please be aware as a company, the Digital Millennium Copyright Act demands you to eliminate and/or deactivate access to the copyrighted content upon receipt of this letter. If you do not cease the use of the previously mentioned copyrighted materials a legal action can be initiated against you.

I do have a good faith belief that utilization of the copyrighted materials described above as allegedly infringing is not authorized by the copyright proprietor, its agent, as well as law.

I swear, under penalty of perjury, that the information in this letter is correct and hereby affirm that I am permitted to act on behalf of the proprietor of an exclusive right that is presumably infringed.


Sincerely yours,
Terry Dickey
Legal Officer
hubspot, Inc.

hubspot.com


08/16/2022


Form submission on website

From Alissa on August 17, 2022 :: 8:53 am

Hello, Your website or a website that your organization hosts is infringing on a copyrighted images owned by our company (intuit Inc.). Take a look at this official document with the links to our images you utilized at [redacted].com and our earlier publication to obtain the proof of our copyrights. Download it now and check this out for yourself:  I think that you intentionally infringed our rights under 17 USC Sec. 101 et seq. and could be liable for statutory damages of up to $140,000 as set forth in Section 504(c)(2) of the Digital millennium copyright act (”DMCA”) therein. This letter is official notification. I demand the elimination of the infringing materials referenced above. Take note as a service provider, the Dmca requires you to remove and/or terminate access to the copyrighted content upon receipt of this notification letter. In case you do not stop the utilization of the aforementioned infringing content a law suit can be started against you. I have a good faith belief that utilization of the copyrighted materials mentioned above as presumably violating is not approved by the legal copyright owner, its legal agent, as well as legislation. I swear, under consequence of perjury, that the information in this notification is correct and hereby affirm that I am authorized to act on behalf of the proprietor of an exclusive right that is allegedly infringed. Sincerely yours, [name redacted] Legal Officer intuit, Inc. intuit.com 08/17/2022


They're still going out via contact forms

From Chris on August 22, 2022 :: 5:46 am

Full Name: Senn

Email Address: TerrySenn@[redacted].com

Telephone Number: 9179698589

Company Name: [redacted] Inc.

Message:
Hello,

Your website or a website that your company hosts is violating the copyright protected images owned by our company ([redacted] Inc.).

Take a look at this report with the URLs to our images you used at www.[yourcompany].com and our earlier publications to get the proof of our copyrights.

Download it now and check this out for yourself:

https://storage.googleapis.com/[nope]

I do think you have willfully infringed our legal rights under 17 U.S.C. Sec. 101 et seq. and could possibly be liable for statutory damages as high as $130,000 as set forth in Sec. 504 (c) (2) of the Digital Millennium Copyright Act (”DMCA”) therein.

This letter is official notification. I seek the removal of the infringing materials mentioned above. Please take note as a service provider, the Dmca demands you to eliminate or/and terminate access to the infringing content upon receipt of this particular letter. If you do not stop the use of the above mentioned copyrighted materials a legal action will likely be commenced against you.

I do have a strong belief that utilization of the copyrighted materials mentioned above as allegedly violating is not authorized by the copyright owner, its legal agent, or the legislation.

I swear, under penalty of perjury, that the information in this message is accurate and hereby affirm that I am authorized to act on behalf of the proprietor of an exclusive and legal right that is allegedly violated.


Best regards,
Terry Senn
Legal Officer
[nah], Inc.

[no].com


08/15/2022


Spam that looks like it's from Intuit

From Jane Noel on August 25, 2022 :: 7:34 pm

Hello,

Your website or a website that your organization hosts is violating the copyright-protected images owned by our company (intuit Inc.).

Check out this document with the hyperlinks to our images you used at dreamforgemagazine.com and our previous publication to get the proof of our copyrights.

Download it right now and check this out for yourself:

https://storage.googleapis.com/e899w369ygfh.appspot.com/ [redacted]

I do think that you deliberately violated our rights under 17 USC Section 101 et seq. and could possibly be liable for statutory damages as high as $120,000 as set-forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.

This letter is official notification. I seek the elimination of the infringing materials referenced above. Please be aware as a company, the Dmca demands you to eliminate and deactivate access to the copyrighted materials upon receipt of this letter. In case you do not cease the use of the aforementioned infringing content a court action can be commenced against you.

I have a good self-belief that use of the copyrighted materials referenced above as presumably infringing is not permitted by the copyright proprietor, its legal agent, as well as legislation.

I declare, under consequence of perjury, that the information in this message is correct and hereby affirm that I am certified to act on behalf of the proprietor of an exclusive and legal right that is presumably infringed.


Best regards,
George Rahnenfuehrer
Legal Officer
intuit, Inc.

intuit.com


08/26/2022


another to the list of scammers. (thank you for this post)

From kieu pham gray on August 28, 2022 :: 6:03 pm

[redacted]@hubspot.com’ submitted the form from your ‘Contact Us’ page
A user has submitted the contact form on your store.
Here are their details:
Full Name:  Boyum
Email Address:  [redacted]@hubspot.com

Phone Number:    [redacted]
Hello,

Your website or a website that your company hosts is infringing on a copyright protected images owned by our company (hubspot Inc.).

Check out this official document with the URLs to our images you utilized at XXXX.com and our previous publication to get the proof of our copyrights.

Download it right now and check this out for yourself:

https://storage.googleapis.com/zu084vpj5pi3.appspot.com/ [redacted]

I do think that you intentionally violated our legal rights under 17 U.S.C. Sec. 101 et seq. and can be liable for statutory damages as high as $130,000 as set-forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.

This message is official notification. I demand the elimination of the infringing materials described above. Please take note as a company, the Digital Millennium Copyright Act demands you to eliminate or/and deactivate access to the copyrighted materials upon receipt of this particular notification letter. If you don’t stop the use of the previously mentioned infringing content a legal action will be initiated against you.

I do have a strong faith belief that utilization of the copyrighted materials mentioned above as presumably infringing is not approved by the copyright owner, its agent, as well as laws.

I swear, under penalty of perjury, that the information in this notification is accurate and hereby affirm that I am permitted to act on behalf of the proprietor of an exclusive right that is presumably violated.


Sincerely yours,
Mike Boyum
Legal Officer
hubspot, Inc.

hubspot.com


I received one claims from Intuit, Inc

From Phoebe on August 29, 2022 :: 1:31 am

Name: Poling
E-mail:  [redacted]@intuit.com
Phone/Mobile:  [redacted]
Notes and Special Requests: Hello,

Your website or a website that your company hosts is infringing on a copyrighted images owned by our company (intuit Inc.).

Check out this official document with the URLs to our images you used at www.apexglobal.com.tw and our earlier publication to find the evidence of our copyrights.

Download it now and check this out for yourself:

https://storage.googleapis.com/kjl51nnbkg8f.appspot.com/ [redacted]

I do believe you’ve deliberately violated our rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages of up to $150,000 as set-forth in Section 504 (c)(2) of the Digital millennium copyright act (DMCA) therein.

This message is official notification. I demand the elimination of the infringing materials referenced above. Please be aware as a company, the DMCA demands you to eliminate and/or disable access to the copyrighted content upon receipt of this notice. In case you don’t cease the use of the above mentioned copyrighted materials a law suit will be started against you.

I have a strong belief that utilization of the copyrighted materials mentioned above as allegedly violating is not approved by the legal copyright owner, its agent, or the law.

I swear, under consequence of perjury, that the information in this notification is correct and hereby affirm that I am permitted to act on behalf of the owner of an exclusive right that is presumably infringed.


Sincerely yours,
Mvp Poling
Legal Officer
intuit, Inc.

intuit.com
