
Internet Access Suspended Malware Email

by Brett M. Christensen

Email claims that the recipient’s Internet access is going to be suspended because the ‘Internet Service Provider Consorcium’ has logged illegal activities from his or her computer.


Subject: Your internet access is going to get suspended

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists. We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

ICS Monitoring Team

Detailed Analysis:
This email “warning” is one in a series of messages that attempt to fool Internet users into installing malware on their computers. In this version, the message claims that the recipient’s Internet access will be suspended if he or she does not stop “the illegal downloading of copyrighted material”. The message, ostensibly from an entity named the “Internet Service Provider Consorcium”, urges the recipient to open an attachment that supposedly contains a report of the recipient’s illegal activities over the last 6 months.

However, there is no such body as the “Internet Service Provider Consorcium”, nor is there any such blanket ISP organization that has the power and authority to systematically “wiretap” member networks and take action against individual Internet users. In the early years of the Internet, there was an organization named the “Internet Service Provider Consortium (ISPC)” – which is presumably what this spelling- and grammar-challenged scammer intended to say – but it ceased to operate years ago and never had the sort of wide-sweeping powers suggested in the message.

Opening the .zip file attachment that comes with the email will install malware on the user’s computer that may steal information, communicate with remote servers and download other malware components.

Internet criminals commonly use such ruses as a means of panicking users into inadvertently installing malicious software. In 2005, malicious emails were distributed that claimed that the FBI or the CIA had logged recipients visiting illegal websites. The messages urged recipients to open an attached file for details. The attachment contained a variant of the Sober worm. Then, in 2006, a bogus “Mail Server Report”, which claimed that emails containing worms had been sent from the recipient’s computer, itself contained a worm hidden in an attached file. And in 2007, a “complaint” email that falsely claimed to be from the Federal Trade Commission attempted to fool recipients into installing an information-stealing trojan hidden in an attached file.

Another version currently being distributed poses as a threatening “complaint” email accusing the recipient of sending emails containing viruses and instructs him or her to open an attachment supposedly containing email log files. Like the “Internet Service Provider Consorcium” variant discussed here, the emails carry .zip file attachments containing malware.

Internet users should always be very cautious of opening attachments that arrive with unsolicited emails. Do not be panicked by threatening complaints or false accusations into opening attachments without due care and attention.

Last updated: 17th September 2008
First published: 17th September 2008

FBI Virus Emails – Sober Worm
Fake Mail Server Report Message Carries Worm
Federal Trade Commission Complaint Scam
Virus Complaint Email Carries Malware

