While there’s nothing new about email spoofing (several of my own email addresses have been used by criminals in this fashion, as indicated by “bounced” emails – emails that I never sent – “returning” to me, marked as being undeliverable), it’s particularly heinous when maliciously targeting an organization that fights illegal child pornography.
I suppose this attack is an indication of just how effective ASACP, the Association of Sited Advocating Child Protection, has been in waging its war against criminal elements involved in producing and distributing illegal images depicting child sexual abuse, and as such, the scumbags ASACP targets are at the top of the suspect list. Furthermore, the poor grammar and misuse of English indicate a foreign origin; in line with reports that the bulk of child pornography on the Internet comes from outside of the United States.
The fake emails are not only carrying viruses, but according to ASACP, the text of the message “informs the recipient that their email address has been found on a database of child pornography pay site customers, and tells them to donate money to ASACP or face legal action.”
“We’ve been targeted this way before,” Joan Irvine, ASACP’s Executive Director, said. “In this case, thousands or even millions of people around the world may have encountered ASACP for the first time due to this spoof email. If so, they received a false and very negative impression of us. However, we’re confident that there won’t be any lasting damage. ASACP’s long record of working to fight child sexual abuse speaks for itself.”
If you receive any suspect emails presumably from ASACP, please forward it with full headers to firstname.lastname@example.org, with “Spoof Email” as the subject, in hopes that it will assist ASACP in its investigation. According to the organization, recipients should also update their computer’s virus definitions and scan for virus infections.