Fake RIAA copyright violation notification serves malware

First spotted nearly a week ago, notifications of copyright violation supposedly sent by the Recording Industry Association of America are still hitting inboxes around the world.

The sender’s email address is spoofed to make the message seem legitimate, and the email contains a warning and an attachment that the user is asked to open in order to see details of the violation.

Unfortunately, those users who have been tricked into downloading and running the attachment have actually installed a downloader Trojan that immediately tries to connect to a server hosted in Russia.

When the connection succeeds, the Trojan receives and executes orders to download further malware onto the already compromised machine.

“The criminals behind this malware attack hope that at least some recipients will be sufficiently panicked enough by the threatening message to open the attached file and install its contents without due forethought,” comments Hoax-Slayer.

