Home ScamsScam Catalogue Internet Access Suspended Malware Email

Internet Access Suspended Malware Email

by Brett M. Christensen

Email claims that the recipient’s Internet access is going to be suspended because the ‘Internet Service Provider Consorcium’ has logged illegal activities from his or her computer.


Subject: Your internet access is going to get suspended

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists. We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

ICS Monitoring Team

Detailed Analysis:
This email “warning” is one in a series of messages that attempt to fool Internet users into installing malware on their computers. In this version, the message claims that the recipient’s Internet access will be suspended if he or she does not stop “the illegal downloading of copyrighted material”. The message, ostensibly from an entity named the “Internet Service Provider Consorcium”, urges the recipient to open an attachment that supposedly contains a report of the recipient’s illegal activities over the last 6 months.

However, there is no such body as the “Internet Service Provider Consorcium”, nor is there any such blanket ISP organization that has the power and authority to systematically “wiretap” member networks and take action against individual Internet users. In the early years of the Internet, there was an organization named the “Internet Service Provider Consortium (ISPC)” – which is presumably what this spelling and grammar challenged scammer intended to say – but it ceased to operate years ago and never had the sort of wide-sweeping powers suggested in the message.

Opening the .zip file attachment that comes with the email will install malware on the user’s computer that may steal information, communicate with remote servers and download other malware components.

Internet criminals commonly use such ruses as a means of panicking users into inadvertently installing malicious software. In 2005, malicious emails were distributed that claimed that the FBI or the CIA had logged recipients visiting illegal websites. The messages urged recipients to open an attached file for details. The attachment contained a variant of the Sober worm. Then, in 2006, a bogus Mail Server Report that claimed that emails containing worms had been sent from the recipient’s computer itself contained a worm hidden in an attached file. And in 2007, a “complaint” email that falsely claimed to be from the Federal Trade Commission attempted to fool recipients into installing an information-stealing trojan hidden in an attached file.

Another version currently being distributed poses as a threatening “complaint” email accusing the recipient of sending emails containing viruses and instructs him or her to open an attachment supposedly containing email log files. Like the “Internet Service Provider Consorcium” variant discussed here, the emails carry .zip file attachments containing malware.

Internet users should always be very cautious of opening attachments that arrive with unsolicited emails. Do not be panicked by threatening complaints or false accusations into opening attachments without due care and attention.

Last updated: 17th September 2008
First published: 17th September 2008
By Brett M. Christensen
About Hoax-Slayer

FBI Virus Emails – Sober Worm
Fake Mail Server Report Message Carries Worm
Federal Trade Commission Complaint Scam
Virus Complaint Email Carries Malware

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,