Hackers are exploiting the controversy surrounding illegal downloading in a bid to steal credit card details from web users, says F-Secure.
The security vendor has identified a Trojan that attempts to get PC users to believe an 'Antipiracy foundation scanner' has found illegal torrents on the system.
The warnings reappear every time the user reboots their system and encourage them to fork out $400 (£259) to ICPP Foundation in a "pre-trial settlement" to cover a "copyright holder fine".
It also claims refusal to pay the fine could result in a jail sentence.
The Trojan's warnings echo genuine letters sent by law firms on behalf of copyright holders. The letters claim the recipient's internet connection has been used to illegally download music, movies or games and as a result they will be required to pay a fine.
However, F-Secure says there is no ICPP Foundation, despite the group behind the Trojan setting up an official-looking website with the URL www.icpp-online.com, and the messages will appear even if the system contains no illegal material whatsoever.
Furthermore, for those that do attempt to pay the fine there is no obvious credit-card payment system connected to the site. F-Secure said the criminals behind the scam just seem to collect the credit card information.
"Refuse to pay money to these clowns! If people pay them, the problem will only grow bigger," says the security vendor.
F-Secure revealed that the domain is registered to 'Mr Shoen Overns' with a contact email of firstname.lastname@example.org.
The security vendor said the email address has been seen before in various other domains, connected to Zeus and Koobface scams.
"The gang behind this attack already has large botnets at their disposal. We assume they've simply uploaded this malicious application to the bots they already control," said Mikko H Hypponen, chief research officer at F-Secure.
"People know that movie studios and record labels are playing hardball against pirates. This might actually make some users fall for this scam".
F-Secure advised web users that have been infected with the Trojan to use an antivirus programme to detect and remove it immediately.