Recently, Techlicious received a handful of posts in our comment section claiming that one of our images is violating copyright. We take copyright very seriously, so these posts immediately got my attention. But what I discovered could have actually been much worse – there was no copyright issue; it was all a ruse to trick us into installing a ransomware trojan that could have significantly disrupted our business.
Fortunately, I'm very familiar with how to recognize malware and scams, in general. But it would be easy for someone who isn't technically sophisticated to be fooled by these hackers and put their company's systems at risk.
Here are a couple of examples of the posts we received in the Techlicious comments [with Google Site URL removed]:
Hi!
My name is Jessica.
Your website or a website that your company hosts is infringing on a copyright-protected images owned by myself.
Check out this document with the links to my images you used at www.techlicious.com and my earlier publications to get the evidence of my copyrights.
Download it now and check this out for yourself:
https://sites.google.com/view/[redacted]
I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This letter is official notification. I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.
I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Best regards,
Jessica Martin
and
Hi there!
This is Melangelle and I am a qualified photographer and illustrator.
I was baffled, to put it nicely, when I came across my images at your website. If you use a copyrighted image without an owner's permission, you must know that you could be sued by the owner.
It's not legal to use stolen images and it's so mean!
Check out this document with the links to my images you used at www.techlicious.com and my earlier publications to obtain the evidence of my legal copyrights.
Download it right now and check this out for yourself:
https://sites.google.com/view/[redacted]
If you don't delete the images mentioned in the file above during the next several days, I'll file a to your hosting provider letting them know that my copyrights have been severely infringed and I am trying to protect my intellectual property.
And if it doesn't help, trust me I am going to take it to court! And I won't give you a prior notice again.
At first blush, that sounds pretty scary and is likely to get many site owners to click on the link to learn more about the details of the accusation. When you do, you will be served a webpage with a link to a file with your "copyright infringement evidence."
In the version of the scam we received, the download is a .zip file containing a JavaScript (.js) file called "Copyright Infringement Evidence.js". I ran the file through VirusTotal and it came back as a backdoor trojan – identified as js.Trojan.Cryxos.5779 and JS/Kryptik.BXN – that can be used to install ransomware and other malicious programs. Only 8 of the 61 malware scanning engines in VirusTotal picked this up (BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO-Antivirus), meaning it currently has a high chance of slipping through most antimalware protection.
[EDITOR'S NOTE 8/12/2021: recent versions of this attack sent in by users are even more effective at evading antimalware protection. One sample was only picked up by a single vendor, NANO-Antivirus, a Russian-based antimalware organization, as Trojan.Script.Heuristic-js.iacgm. See: https://www.virustotal.com/gui/file/f2eeebca7c5d232cb4dce3698339a587ae6dc7cc98906d86573fe09a196ed95e/detection]
While this ransomware attack was directed against Techlicious through site comments, I can easily see the same attack method being attempted through email. [EDITOR'S NOTE 5/13/21: readers are reporting in the comments below that the hackers are submitting these attacks through site Contact Us forms, as well.] So it's an important reminder to be especially cautious when downloading any files from unknown third parties or sites, and never try to open any file with an extension of .js or .exe unless you know exactly what it is and where it came from. To learn more, read our 5 tips to protect yourself against ransomware. You can also report the malware page to Google's malware reporting tool.
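One way to apply that advice before opening a download, as an added example rather than anything from Techlicious: read the archive's file listing without extracting it and flag anything that would run as code. The extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types Windows runs on double-click (script hosts and executables).
RISKY = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr",
         ".bat", ".cmd", ".ps1", ".lnk", ".msi"}
# File types a genuine "evidence" document would plausibly use.
DOCUMENT = {".pdf", ".doc", ".docx", ".jpg", ".jpeg", ".png", ".txt"}


def triage_zip(data: bytes) -> dict:
    """Read the archive's file listing without extracting or running anything.

    Returns {member name: [reasons it is risky]}; an empty list means no flag.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "x.js." is saved as "x.js".
            name = info.filename.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            reasons = []
            if suffixes and suffixes[-1] in RISKY:
                reasons.append(f"runs as code when opened ({suffixes[-1]})")
                if len(suffixes) > 1 and suffixes[-2] in DOCUMENT:
                    reasons.append("double extension imitates a document")
            findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: harmless placeholder bytes under lure-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Copyright Infringement Evidence.js", "// placeholder")
        archive.writestr("evidence/photo-list.pdf", "placeholder")
        archive.writestr("evidence/scan.pdf.exe", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in triage_zip(build_sample_zip()).items():
        print("BLOCK" if reasons else "ok   ", member, reasons)
```

A clean result only means the listing shows no directly runnable file types; it says nothing about what a document inside the archive contains.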
If you've received a similar message (on your site or via email), please post in the comments below [with the malware URL and any contact information redacted] so others will find it when doing a Google search and avoid the risk of having their systems compromised.
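The messages quoted above and in the reader reports below share a few traits: a copyright claim, a legal threat, a push to download, and a link to a free hosting service. This added example (not Techlicious code) holds comment or contact-form submissions showing that combination for manual review; the trait patterns, the threshold and the sample messages are assumptions constructed from the pattern on this page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Free hosting services the links in this page's samples point to. They also
# host legitimate content, so a link there is one signal, never proof.
LURE_HOSTS = {"sites.google.com", "firebasestorage.googleapis.com"}
SIGNALS = {
    "copyright_claim": re.compile(r"copyright|dmca", re.I),
    "legal_threat": re.compile(
        r"17\s*u\.?s\.?c|statutory damages?|law\s?suit|\bcourt\b", re.I),
    "download_push": re.compile(r"download it (right )?now", re.I),
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def destination_host(url: str) -> str:
    """Host a link really leads to, unwrapping Outlook Safe Links rewrites."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host.endswith(".safelinks.protection.outlook.com"):
            inner = parse_qs(parts.query).get("url")
            if inner:
                host = urlsplit(inner[0]).hostname or ""
        return host
    except ValueError:  # malformed URL: treat as no usable host
        return ""


def lure_signals(text: str) -> set:
    """Names of the lure traits found in a comment or contact-form message."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(text)}
    if any(destination_host(u) in LURE_HOSTS for u in URL_RE.findall(text)):
        hits.add("file_host_link")
    return hits


def should_hold(text: str) -> bool:
    """Hold for manual review: a file-host link plus at least two text traits."""
    hits = lure_signals(text)
    return "file_host_link" in hits and len(hits) >= 3


# Constructed samples (shortened; URLs are placeholders, not real links).
LURE = ("Your website is infringing on copyright-protected images owned by "
        "myself. Download it now and check this out for yourself: "
        "https://sites.google.com/view/EXAMPLE-PLACEHOLDER I believe you have "
        "infringed my rights under 17 U.S.C. Section 101 et seq.")
WRAPPED = ("DMCA notice, a lawsuit will be commenced. Download it right now: "
           "https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2F"
           "firebasestorage.googleapis.com%2Fv0%2Fb%2FEXAMPLE%2Fo%2Ffile&data=04")
BENIGN = ("Good overview of DMCA takedowns. I host my portfolio at "
          "https://sites.google.com/view/EXAMPLE-PORTFOLIO if anyone is curious.")
```

Unwrapping the Safe Links rewrite matters because the visible host is Microsoft's, while the destination sits in the `url` parameter.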
[Updated 5/25/2021 with information on Google malware reporting]
[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]
Josh Kirschner is the co-founder of Techlicious and has been covering consumer tech for more than a decade. Before founding Techlicious, he was the Chief Marketing Officer for Inform Technologies, a start-up provider of semantic technology to media companies. Prior to Inform, Josh was a SVP and Managing Director in the financial services industry. Josh started his first company while still in college, a consumer electronics retailer focused on students.
From Karla Pincott on May 12, 2021 :: 7:21 pm
We’ve had 2 attempts from these hackers through our site’s Contact system. They were pretty much identical, except for the person’s name:
My name is Jennifer.
Your website or a website that your company hosts is infringing on a copyright-protected images owned by myself.
Check out this document with the links to my images you used at https://aus01.safelinks.protection.outlook.com/?url=http://www.cis.org.au/&data=04|01|jblack@cis.org.au|[redacted] and my earlier publications to get the evidence of my copyrights.
Download it now and check this out for yourself:
https://aus01.safelinks.protection.outlook.com/?url=https://sites.google.com/view/nffhu49vheodjjw/drive/storage/s/files/download?h=[redacted]&data=04|01|[redacted]@cis.org.au|[redacted]
I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This letter is official notification. I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.
I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
From Leanna on May 17, 2021 :: 5:39 pm
I’ve had two of these messages, clicked on the link, and I’ve definitely got wonky things happening on my computer… now what? What do I do about it?
From Josh Kirschner on May 18, 2021 :: 8:24 am
If you only clicked on the link, you’re probably fine, but there are versions of drive-by malware you could have been infected by. If you actually downloaded and clicked on the file, you may have a big issue. You should immediately back up all vital files and disconnect the backup from your system. Then do a full malware scan using BitDefender or one of the other antimalware programs that caught the variant I had. If that doesn’t find anything, I would download another one, like ESET, and try again. Doesn’t find anything? Try a couple more (recheck the list of engines at VirusTotal using the link in the article, because I’m seeing more folks picking this up since I published the story).
From Jon B on May 27, 2021 :: 2:27 am
Sent via form submission from [xxxx -redacted – xxxx]
Name: Tracy Griffin
Email Address: [redacted]@yahoo.com
Subject: !!! [xxxx -redacted – xxxx]
Dmca Copyright Infringement Notification email
Message: Hi!
My name is Tracy.
Your website or a website that your organization hosts is violating the copyrighted images owned by me personally.
Check out this report with the URLs to my images you used at [xxxx -redacted – xxxx]
and my earlier publication to find the evidence of my copyrights.
Download it right now and check this out for yourself:
https://sites.google.com/view/c9h4nnb3kv3-9084nvh21/download/0/shared/d/file?d=[redacted]
I really believe you’ve intentionally violated my rights under 17 USC Sec. 101 et seq. and could possibly be liable for statutory damages of up to $140,000 as set-forth in Sec. 504 (c)(2) of the Digital Millennium Copyright Act (DMCA) therein.
This message is official notice. I seek the removal of the infringing materials referenced above. Take note as a company, the DMCA demands you, to eliminate and/or terminate access to the copyrighted materials upon receipt of this notice. In case you don’t cease the use of the previously mentioned copyrighted content a court action can be initiated against you.
I have a strong belief that use of the copyrighted materials mentioned above as allegedly violating is not permitted by the legal copyright proprietor, its legal agent, or the laws.
I declare, under consequence of perjury, that the information in this message is accurate and that I am currently the legal copyright owner or am authorized to act on behalf of the proprietor of an exclusive and legal right that is allegedly violated.
Best regards,
Tracy Griffin
05/27/2021
From Richard on June 01, 2021 :: 6:07 pm
Name Christy Cox
Email address [redacted]@yahoo.com
Phone number [redacted]
Comments Hello!
My name is Christy.
Your website or a website that your company hosts is violating the copyright protected images owned by myself.
Check out this official document with the hyperlinks to my images you used at [redacted].com and my previous publications to find the proof of my copyrights.
Download it right now and check this out for yourself:
https://sites.google.com/view/[redacted]
I do believe you’ve intentionally infringed my rights under 17 USC Section 101 et seq. and could possibly be liable for statutory damage of up to $140,000 as set-forth in Section 504 (c)(2) of the Digital millennium copyright act (”DMCA”) therein.
This letter is official notification. I seek the removal of the infringing materials mentioned above. Please take note as a service provider, the Dmca requires you, to eliminate or/and terminate access to the copyrighted materials upon receipt of this notification letter. If you don’t stop the use of the previously mentioned infringing content a law suit will likely be commenced against you.
I have a strong belief that use of the copyrighted materials mentioned above as presumably violating is not permitted by the copyright proprietor, its legal agent, as well as legislation.
I declare, under penalty of perjury, that the information in this notification is correct and that I am currently the copyright owner or am certified to act on behalf of the owner of an exclusive and legal right that is presumably violated.
Best regards,
Christy Cox
06/02/2021
From Barbara on November 05, 2021 :: 4:09 pm
I think I dodged any viruses or malware when I clicked the link. I did run a full scan and reset my computer to an earlier backup date. Just wondering if the reset would actually remove possible malware?
From Sham Nagmote on June 24, 2021 :: 12:11 pm
Hello there!
My name is Yin.
Your website or a website that your company hosts is violating the copyright-protected images owned by myself.
Check out this report with the hyperlinks to my images you used at usaplumbingservices.us and my earlier publications to find the evidence of my copyrights.
Download it now and check this out for yourself:
https://firebasestorage.googleapis.com/v0/b/files-aaf52.appspot.com/o/shared/[redacted]?alt=media&token=[redacted]
I believe you’ve intentionally violated my legal rights under 17 U.S.C. Sec. 101 et seq. and can be liable for statutory damages of up to $150,000 as set-forth in Section 504 (c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This message is official notification. I demand the removal of the infringing materials referenced above. Take note as a service provider, the Digital Millennium Copyright Act demands you, to remove and deactivate access to the infringing content upon receipt of this letter. In case you don’t cease the use of the previously mentioned copyrighted materials a court action can be started against you.
I do have a good belief that use of the copyrighted materials referenced above as presumably infringing is not approved by the legal copyright proprietor, its legal agent, as well as law.
I swear, under penalty of perjury, that the information in this notification is accurate and that I am currently the copyright owner or am certified to act on behalf of the owner of an exclusive right that is presumably infringed.
Sincerely,
Yin Eubanks
06/24/2021
From Rivka Dette on August 18, 2021 :: 11:32 am
Sent via form submission from Rivka Dette
Name: Michelle Sanchez
E-Mail: Sanchezphoto038@[redacted]
Message: Hello there!
My name is Michelle.
Your website or a website that your company hosts is infringing on a copyrighted images owned by myself.
Check out this document with the hyperlinks to my images you utilized at www.rivkadette.com and my earlier publications to obtain the evidence of my copyrights.
Download it now and check this out for yourself:
https://firebasestorage.googleapis.com/v0/b/files-d6e6c.appspot.com/o/[redacted]
In my opinion you have deliberately violated my rights under 17 U.S.C. Section 101 et seq. and can be liable for statutory damages as high as $120,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This letter is official notice. I seek the elimination of the infringing materials mentioned above. Please take note as a company, the Digital Millennium Copyright Act demands you, to eliminate or/and disable access to the copyrighted materials upon receipt of this particular letter. If you do not stop the use of the aforementioned copyrighted materials a legal action will likely be started against you.
I do have a good self-belief that use of the copyrighted materials mentioned above as allegedly infringing is not approved by the legal copyright proprietor, its legal agent, as well as law.
I swear, under penalty of perjury, that the information in this letter is accurate and that I am the copyright proprietor or am authorized to act on behalf of the owner of an exclusive and legal right that is allegedly infringed.
Best regards,
Michelle Sanchez
08/18/2021
From Britt on August 25, 2021 :: 5:50 pm
I opened my email this morning to find this message. I will be honest that it made me nervous for a moment but then I thought I would research more. Happy to have found this website with so many identical messages. Here’s what the email said:
Message: Hi there!
My name is Stephany.
Your website or a website that your organization hosts is violating the copyright-protected images owned by me personally.
Take a look at this report with the links to my images you used at www.(mybiz).com and my earlier publication to obtain the proof of my copyrights.
Download it now and check this out for yourself:
https://firebasestorage.googleapis.com/v0/b/share-b6e0a.appspot.com/o/[redacted]
I think that you intentionally violated my legal rights under 17 U.S.C. Section 101 et seq. and can be liable for statutory damage as high as $150,000 as set forth in Sec. 504(c)(2) of the Digital millennium copyright act (”DMCA”) therein.
This message is official notice. I demand the removal of the infringing materials described above. Take note as a company, the DMCA requires you, to remove and/or disable access to the copyrighted content upon receipt of this notification letter. In case you don’t stop the utilization of the aforementioned infringing content a lawsuit can be commenced against you.
I do have a good belief that use of the copyrighted materials referenced above as allegedly infringing is not authorized by the legal copyright proprietor, its legal agent, or the law.
I swear, under consequence of perjury, that the information in this message is accurate and that I am the copyright proprietor or am authorized to act on behalf of the owner of an exclusive and legal right that is presumably violated.
Sincerely,
Stephany Williams
08/25/2021