File-sharing organization Pirate Bay has been controversial for a long time, like maybe the length of its entire existence. It’s been in the news recently because a number of governments are trying to shut it down. That’s a situation ripe for social engineering.
Our analyst Matthew Mesa found this scheme this morning: a number of typo-squatting sites carrying the following. (Note: the REAL Pirate Bay site is thepiratebay.org.) What would lead a victim to this? The phony site piratebay.com (below) comes up as the third result on a Google search for “piratebay” or fourth for “pirate bay.”
(click to enlarge)
The phony sites we found were:
http://htepiratebay.org/
http://piatebay.org/
http://www.piratesbay.org/
http://piratesbay.com/
http://piratebay.com/
http://thepriatebay.org/
http://thpiratebay.org/
http://thepiratesbay.org/
http://thepirateby.org/
http://www.thepiratbay.org/
http://videobay.com/
http://piratebay.com/
OK, we thought we see click the download button (kids, don’t try this at home) and see if the software really is “. . . safe and keeps me protected.”
(Click to enlarge)
Short answer: “no.”
It tries to download a file called “eMuleSetup.exe” from a site registered to Hotbar, Inc. VIPRE detects it as “Pinball Corporation. (v)”
The real Pirate Bay site is NOT posting any warnings.
Thanks Matthew and Adam.
Tom Kelchner