Malware detected in cease and desist

[Cal2]

Anyone get one of these? I started to open the notice, then thought better of it and cancelled before it opened. At the same time, my 'Alert' said malware was detected and it was dealing with it.


Hi WHOISGUARD PROTECTED


A third party has filed a trademark infringement cease and desist notice for your domain ********.com

You can download the notice here **********. Inmost cases you should take it seriously to avoid further legal trouble. However for random complaint
without any valid reason is quite common and you can ignore.

In case the copyright notice is applicable and unresolved contact your domain registrar and they will
help you to resolve the issue. Please note that, we don't consult anyone individually.

Regards

Claim Domain Right

3600 Las Vegas Blvd. South. Las Vegas, NV 89109

 

[Cal2]

This is the second very savvy spam that I got. I am wondering if they are targeting domain names that are owned by people on this forum for the specific reason to phish owners with valuable domain names.

edit* The domain I was contacted at was 112511, a 6N which I did not post anywhere. So, probably not.

Add-on to my opening post: I got another one of the same kind of spam. It was for another domain that I purchased at the same time a couple days ago as the domain that I got the original spam for. Neither of those domains were posted on any thread here, and both are under WHOIS.

Neither were VR related domain names, but I am part of the VR thread with some others who are getting such email. A possible 'link', and if so, how? It's a link suggestion that hxp made in his above post. Whether the VR thread - and maybe other threads(?) - do have anything to do with it, or it's just coincidence........

 

[JB Lions]

C&D's usually come in the mail. Warn, delete, move on.

 

[mech35]

yes but i have never posted to the vr forum, i was at the 4d though...

 

[hawkeye]

I am part of the VR thread with some others who are getting such email. A possible 'link', and if so, how? It's a link suggestion that hxp made in his above post. Whether the VR thread - and maybe other threads(?) - do have anything to do with it, or it's just coincidence.......

I'll go with just coincidence, with a little conspiracy theory thrown in. I and others have got this email today too, and have never been in that thread or own any 'vr' domains.

 

[Plato]

Thats new (at least for me)...
Since today, I get for every domain I register this spam emails:

Be care!! And don't download this files!

----------------

UPDATE: Just saw that there is another thread about this since today:
https://www.namepros.com/threads/malware-detected-in-cease-and-desist.864112/

 

[hxp]

It seems more and more people are coming forward about these emails, so, it isn't any particular thread or forum.

I really hope this stops, before naive domainers get fooled into giving up their names.

How pathetic.

 

[Raj Grewal]

I got one as well for a domain we registered for use in Mexico. We just registered it a couple of days agoI don't plan to respond to it. They can come down here and sort it out. You can buy a lot of justice for a few hundred pesos. Interestingly, I also got another response from Domain Services Plus saying my domain has been successfully ordered and the next step is to promote it on Google, Bing, Yahoo etc etc

 

[TestCase]

Add me to the list of recipients of this spam!

"claimdomainright.com" was only registered 6 days ago:

Domain Name: CLAIMDOMAINRIGHT.COM
Registry Domain ID: 1936018341_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2015-06-06T14:19:52-06:00Z
Creation Date: 2015-06-06T14:19:52-06:00Z
Registrar Registration Expiration Date: 2016-06-06T14:19:52-06:00Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.17203101849
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Whois Agent

 

[pontiac]

I got the email as well.

 

[Dave_Z]

Thats new (at least for me)...
Since today, I get for every domain I register this spam emails:

Be care!! And don't download this files!

----------------

UPDATE: Just saw that there is another thread about this since today:
https://www.namepros.com/threads/malware-detected-in-cease-and-desist.864112/

Hmmm, Domain Copyright Notice while the subject is Trademark Infringement. I'd take the notice a bit seriously if it's just TM infringement, but not a combo of TM and copyright infringement when the latter doesn't apply to domain names per se.

Rather than delete the email, perhaps you folks can notify Name.com and forward that email you got as proof. Name.com will need some material before they investigate.

(And nuts, I didn't get that email. Still, thanks to all here for the heads up.)

 

[iAchilles]

Yeah got a few of these. They went straight to my spam folder. I reported it to [email protected]

 

[slimjim270]

@Cal2 - I received 6 notices for 6 distinct domains I registered earlier this week on 06/10/2015. None had any similarities in spelling. Also, no, I have not participated on the NP "VR" thread. There is no tie-in there. All 6 notices came into my email box at 12:47pm on 06/12/2015. I always check for TM prior to registering a domain, so knew something was fishy about the emails. All addressed me as "Hi WHOISGUARD PROTECTED". They are likely scraping a whois site for email and contact info for their spam blast.

As @TestCase pointed out, the site claimdomainright(dot)com was created on
2015-06-06 T14:19:52-06:00Z (only 7 days ago) and the contact is "Whois Privacy Protection Service, Inc." [no respectable attorney's office uses Whois Privacy - attorney's have to be transparent about themselves when practicing law and providing representation to a client]

Also, the address used in the email (3600 Las Vegas Blvd. South. Las Vegas, NV 89109) is the Bellagio Hotel & Casino in Las Vegas, NV. Maybe a guest at the hotel, but certainly not an attorney's office.


Domain Name: CLAIMDOMAINRIGHT.COM
Registry Domain ID: 1936018341_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2015-06-06T14:19:52-06:00Z
Creation Date: 2015-06-06T14:19:52-06:00Z
Registrar Registration Expiration Date: 2016-06-06T14:19:52-06:00Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.17203101849
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Whois Agent
Registrant Organization: Whois Privacy Protection Service, Inc.
Registrant Street: PO Box 639
Registrant City: Kirkland
Registrant State/Province: WA
Registrant Postal Code: 98083
Registrant Country: US
Registrant Phone: +1.4252740657
Registrant Fax: +1.4259744730
Registrant Email: [email protected]
Registry Admin ID:

A phishing scam! I hope no one clicked on the link to "download" their "Domain Copyright Notice". The Subject line indicates "Trademark Infringement Cease & Desist", yet the bozos want to "share" with you a COPYRIGHT NOTICE? [too many margaritas at the blackjack table before writing the email copy?]

A perfect example of annoying spammers - criminals! I am guessing the "Copyright Notice" probably ask you to verify yourself by entering your password or something descriptive they can use to gain access to an account (registrar or bank info).

@Cal2, thanks for the OP to raise attention on the topic. Having received 6 boilerplate notices on 6 distinct names... all in the same timeframe... likely an email blast... it smells like phish.

-Jim

 

[gadabout]

I made the mistake of clicking on the link to see the C&D letter but it said page unavailable - do you think I got a virus already? Thanks for any info help.

 

[TestCase]

I made the mistake of clicking on the link to see the C&D letter but it said page unavailable - do you think I got a virus already? Thanks for any info help.

I'd recommend running a variety of anti-virus and anti-malware software immediately to see if you may have been infected.

I say "a variety" because there isn't a single program that will catch all the "evil programs". I'd start with running several of the online av scanners (examples Kapersky, Trend Micro, Eset, etc) and then follow that up with MalwareBytes and maybe Dr Web CureIt. Also be sure to to run a couple of "Rootkit Scanners" .

Other people may be able to recommend some other programs, but no matter what get started as soon as possible running them. Better safe than sorry!

 

[deflee79]

I haven't recieved any emails thankfully. I do my registrations with Godaddy ..i wonder if perhaps there is something in common with who you registered the domain with. Just a thought. .

 

[mech35]

i registered with godaddy also, but i had the mail...

 

[deflee79]

i registered with godaddy also, but i had the mail...

Ah.. i guess that debunks that then.

 

[Paully]

I think that the 'connection' is not a particular thread it is the whole site generally.

Spend 10 mins and see how many domains and contact details you can find. Like shooting fish in a barrel for lazy scammers.

 

[iAchilles]

I made the mistake of clicking on the link to see the C&D letter but it said page unavailable - do you think I got a virus already? Thanks for any info help.

Do what @TestCase suggested, if their scam is to install a root kit on the victim's computer then it becomes a lot more difficult to detect and eradicate. Some keyloggers can survive a reformat!

Any time I discover anything untoward on my system I do a low level format of my disks, I rewrite the master boot record and then reinstall Windows. It's the safest option imho.

I think that the 'connection' is not a particular thread it is the whole site generally.

Spend 10 mins and see how many domains and contact details you can find. Like shooting fish in a barrel for lazy scammers.

An interesting theory but it doesn't add up. They're most likely scraping whois data like most spammers do. The domains associated with these mails were recent hand regs that I never mentioned here on NP.

 

[Paully]

An interesting theory but it doesn't add up. They're most likely scraping whois data like most spammers do. The domains associated with these mails were recent hand regs that I never mentioned here on NP.

It goes without saying that they would be using the usual techniques to harvest bulk data, but my point was that this site generally rather than any specific thread that people may have posted in contains a lot of volunteered information on domains and domain owners. Just clicking the link in your own sig leads to over 70 domains you own and that is without the additional information somebody could find by researching and cross referencing those domains and the associated data etc.

 

[ArthurReich]

My Experience:

I have just registered a new domain and got an email about "Trademark Infringement Cease & Desist" in the next 48 hours. I know for sure that the domain that I have registered is original and no one previously owned it. Due to curiosity I have downloaded the Word file that was attached in their email. Upon opening it my keyboard beeps on some keys I press then suddenly my windows got a "Blue Screen"

With an anti-malware installed I found out it's 'Trojan Virus' + others viruses

BEWARE of this email guys.

 

[deflee79]

My Experience:

I have just registered a new domain and got an email about "Trademark Infringement Cease & Desist" in the next 48 hours. I know for sure that the domain that I have registered is original and no one previously owned it. Due to curiosity I have downloaded the Word file that was attached in their email. Upon opening it my keyboard beeps on some keys I press then suddenly my windows got a "Blue Screen"

With an anti-malware installed I found out it's 'Trojan Virus' + others viruses

BEWARE of this email guys.

Man..

 

[DomainVP]

I have just registered a new domain and got an email about "Trademark Infringement Cease & Desist" in the next 48 hours. I know for sure that the domain that I have registered is original and no one previously owned it. Due to curiosity I have downloaded the Word file that was attached in their email. Upon opening it my keyboard beeps on some keys I press then suddenly my windows got a "Blue Screen"

With an anti-malware installed I found out it's 'Trojan Virus' + others viruses

Sorry you didn't find this thread first , the people behind this are real scum. I hope you find a solution fast.

 

[JyotiG]

Thanks for the headsup. Won't open the email if I receive it.

 

[CJay9209]

Hi guys. Just wanted to chirp in here. I got a couple on my domains a couple days ago and figured it was indeed a scam so i downloaded the file on my windows 8.1 machine but before opening decided it was a bad idea and purged it lol. The document has a supposedly hidden section which discloses the details of the issue and who to contact but it requires you to unblock the file for editing... smirk...

Basically i let it loose on an older computer and I can confirm a trojan type. Nothing too bad but it looks like you are safe as long as you have the file block in place for files downloaded from the internet... if not you might wanna start cleaning right now.