The bad guys are going after the Pirates

File-sharing organization Pirate Bay has been controversial for a long time, like maybe the length of its entire existence. It’s been in the news recently because a number of governments are trying to shut it down. That’s a situation ripe for social engineering.

Our analyst Matthew Mesa found this scheme this morning: a number of typo-squatting sites carrying the following. (Note: the REAL Pirate Bay site is thepiratebay.org.) What would lead a victim to this? The phony site piratebay.com (below) comes up as the third result on a Google search for “piratebay” or fourth for “pirate bay."


(click to enlarge)

The phony sites we found were:

http://htepiratebay.org/
http://piatebay.org/
http://www.piratesbay.org/
http://piratesbay.com/
http://piratebay.com/
http://thepriatebay.org/
http://thpiratebay.org/
http://thepiratesbay.org/
http://thepirateby.org/
http://www.thepiratbay.org/
http://videobay.com/
http://piratebay.com/

OK, we thought we see click the download button (kids, don’t try this at home) and see if the software really is “. . . safe and keeps me protected.”



(Click to enlarge)

Short answer: “no.”

It tries to download a file called “eMuleSetup.exe” from a site registered to Hotbar, Inc. VIPRE detects it as “Pinball Corporation. (v)”

The real Pirate Bay site is NOT posting any warnings.



Thanks Matthew and Adam.

Tom Kelchner