Recently a client received an unexpected email from what looked like a legitimate software company. Here’s the gist of the email with names changed to protect the innocent:
I wanted to bring to your attention that we have detected Software X license infringements at Company XYZ. Software X uses hard coded technology that detects software piracy. We discovered Company XYZ’s domain using Software X with a known pirated serial number. Software X considers software piracy an extremely serious issue, and as a company, we use all methods available to us to protect our trademarks and intellectual property.
The email went on to request immediate contact… Initially it looked like the email may be a phishing or other scheme. We confirmed by calling the “Software X” company directly, rather than using the link or phone number on the email, and we surprisingly confirmed it was a legitimate email from their anti-piracy division. “Software X” in this case costs around $100k per license! And, “Software X” claimed there were multiple instances in “Company XYZ’s” domain.
Which brings me to the questions about your network if you received a similar piracy email:
- Do you know what software is installed on every system?
- When the last time you confirmed what software was installed?
- Would you know if an end user installed pirated software on their own?
- Do you have an HR policy in place that outlines what your end user rights and responsibilities are on your systems and/or network?
- Do you have a software policy or program in place that blocks installers?
While you ponder your company’s situation, I will tell you the answers we had in this particular case to those questions:
- “Company XYZ” uses imaged PCs and VDI so all systems are imaged with only approved software from the master images. All servers are maintained and monitored with limited Administrator access.
- Given the contact by “Software X”, to reconfirm nothing had somehow bypassed the security in place we ran a full Asset Scan of the network using Mirazon’s custom scanning tools, which provided a detailed searchable report for “Company XYZ” (which, incidentally, had no signs of “Software X”)
- “Company XYZ” has an HR policy in place detailing end user rights and responsibilities
- “Company XYZ” has a software policy in place that blocks installation executables from running preventing a user from running an unapproved installer.
After reviewing the above and further review of the MAC address, IP addresses, and other details provided by “Software X’s” anti-piracy division. We know the software was not in use at “Company XYZ” and their domain was likely spoofed.
But back to your network: if you don’t know the answers to those questions for your network, need help with setting up any of those protections outlined at “Company XYZ”, want to add more advanced live monitoring, or get a detailed Asset Report for your network, give us a call. In the case of our client, an ounce of prevention saved them from a piracy witch hunt and unjust legal bills.