Malware detected in cease and desist

[Cal2]

Anyone get one of these? I started to open the notice, then thought better of it and cancelled before it opened. At the same time, my 'Alert' said malware was detected and it was dealing with it.


Hi WHOISGUARD PROTECTED


A third party has filed a trademark infringement cease and desist notice for your domain ********.com

You can download the notice here **********. Inmost cases you should take it seriously to avoid further legal trouble. However for random complaint
without any valid reason is quite common and you can ignore.

In case the copyright notice is applicable and unresolved contact your domain registrar and they will
help you to resolve the issue. Please note that, we don't consult anyone individually.

Regards

Claim Domain Right

3600 Las Vegas Blvd. South. Las Vegas, NV 89109

 

[mech35]

i registered with godaddy also, but i had the mail...

 

[deflee79]

i registered with godaddy also, but i had the mail...

Ah.. i guess that debunks that then.

 

[Paully]

I think that the 'connection' is not a particular thread it is the whole site generally.

Spend 10 mins and see how many domains and contact details you can find. Like shooting fish in a barrel for lazy scammers.

 

[iAchilles]

I made the mistake of clicking on the link to see the C&D letter but it said page unavailable - do you think I got a virus already? Thanks for any info help.

Do what @TestCase suggested, if their scam is to install a root kit on the victim's computer then it becomes a lot more difficult to detect and eradicate. Some keyloggers can survive a reformat!

Any time I discover anything untoward on my system I do a low level format of my disks, I rewrite the master boot record and then reinstall Windows. It's the safest option imho.

I think that the 'connection' is not a particular thread it is the whole site generally.

Spend 10 mins and see how many domains and contact details you can find. Like shooting fish in a barrel for lazy scammers.

An interesting theory but it doesn't add up. They're most likely scraping whois data like most spammers do. The domains associated with these mails were recent hand regs that I never mentioned here on NP.

 

[Paully]

An interesting theory but it doesn't add up. They're most likely scraping whois data like most spammers do. The domains associated with these mails were recent hand regs that I never mentioned here on NP.

It goes without saying that they would be using the usual techniques to harvest bulk data, but my point was that this site generally rather than any specific thread that people may have posted in contains a lot of volunteered information on domains and domain owners. Just clicking the link in your own sig leads to over 70 domains you own and that is without the additional information somebody could find by researching and cross referencing those domains and the associated data etc.

 

[ArthurReich]

My Experience:

I have just registered a new domain and got an email about "Trademark Infringement Cease & Desist" in the next 48 hours. I know for sure that the domain that I have registered is original and no one previously owned it. Due to curiosity I have downloaded the Word file that was attached in their email. Upon opening it my keyboard beeps on some keys I press then suddenly my windows got a "Blue Screen"

With an anti-malware installed I found out it's 'Trojan Virus' + others viruses

BEWARE of this email guys.

 

[deflee79]

My Experience:

I have just registered a new domain and got an email about "Trademark Infringement Cease & Desist" in the next 48 hours. I know for sure that the domain that I have registered is original and no one previously owned it. Due to curiosity I have downloaded the Word file that was attached in their email. Upon opening it my keyboard beeps on some keys I press then suddenly my windows got a "Blue Screen"

With an anti-malware installed I found out it's 'Trojan Virus' + others viruses

BEWARE of this email guys.

Man..

 

[DomainVP]

I have just registered a new domain and got an email about "Trademark Infringement Cease & Desist" in the next 48 hours. I know for sure that the domain that I have registered is original and no one previously owned it. Due to curiosity I have downloaded the Word file that was attached in their email. Upon opening it my keyboard beeps on some keys I press then suddenly my windows got a "Blue Screen"

With an anti-malware installed I found out it's 'Trojan Virus' + others viruses

Sorry you didn't find this thread first , the people behind this are real scum. I hope you find a solution fast.

 

[JyotiG]

Thanks for the headsup. Won't open the email if I receive it.

 

[CJay9209]

Hi guys. Just wanted to chirp in here. I got a couple on my domains a couple days ago and figured it was indeed a scam so i downloaded the file on my windows 8.1 machine but before opening decided it was a bad idea and purged it lol. The document has a supposedly hidden section which discloses the details of the issue and who to contact but it requires you to unblock the file for editing... smirk...

Basically i let it loose on an older computer and I can confirm a trojan type. Nothing too bad but it looks like you are safe as long as you have the file block in place for files downloaded from the internet... if not you might wanna start cleaning right now.

 

[Alice Wonder Miscreations]

I doubt this is an attempt to steal domains. Either it is an attempt to install malware or find out who is gullible.

I too have gotten spams related to freshly registered domains. Look at the IP address for the SMTP server it came from, and check it at http://mxtoolbox.com/blacklists.aspx

Chances are it is on a lot of blacklists.

 

[iAchilles]

It goes without saying that they would be using the usual techniques to harvest bulk data, but my point was that this site generally rather than any specific thread that people may have posted in contains a lot of volunteered information on domains and domain owners. Just clicking the link in your own sig leads to over 70 domains you own and that is without the additional information somebody could find by researching and cross referencing those domains and the associated data etc.

I agree, NP would be easy pickings. But again, the two domains I received it on I haven't even put up for sale on any market place yet. I'm guessing they're running a script like spammers do for any new registrations/changes in the whois db.

Also to add, the two domains I got it on have different whois data!

 

[Shams]

Anyone know what's the legal term if we really get copyright notice. How to deal with it.

 

[Goncalo]

I haven't recieved any emails thankfully. I do my registrations with Godaddy ..i wonder if perhaps there is something in common with who you registered the domain with. Just a thought. .

I started to get all kind of emails related to domains as soon as I got some registered through GoDaddy...

All kinds of notices, design proposals, trademark Infringement, the bunch.

I use four registrars, only the names I get on GoDaddy turn up on these emails...

 

[mikenormal]

I've not had this email (yet). I say yet as I get so much spam ranging from web design to fake domain renewals all via the WHOIS.

I should count myself lucky as it's tolerable and not the unsavory spam.

I'd hate to use WHOIS privacy as it's bad for domaining

 

[domainerfella]

I got one for a 6N.

 

[Paul]

I'd appreciate if someone could forward me the e-mail, including all headers if you know how. I'm particularly interested in the malware. Send it to [email redacted], and let me know that you sent it so I know to look for it. Thanks!

 

[pontiac]

I'd appreciate if someone could forward me the e-mail, including all headers if you know how. I'm particularly interested in the malware. Send it to [email redacted], and let me know that you sent it so I know to look for it. Thanks!

Paul, I sent you the message I got, but it bounced back.

 

[Goncalo]

I started to get all kind of emails related to domains as soon as I got some registered through GoDaddy..

Mind you - I'm not saying godaddy sells our data to spammers.
Maybe spammers find it easier to explore a specific Whois database and Godaddy being the biggest registrar... It's the perfect target.

 

[Paul]

Paul, I sent you the message I got, but it bounced back.

Google probably rejected it because of the malware. Guess that answers that!

Mind you - I'm not saying godaddy sells our data to spammers.
Maybe spammers find it easier to explore a specific Whois database and Godaddy being the biggest registrar... It's the perfect target.

It's probably easier to target a single registrar's WHOIS servers than a registry's; they're likely to be less secure.