Author Topic: Fake FBI, CIA e-mails with viruses spread worldwide  (Read 1625 times)

0 Members and 1 Guest are viewing this topic.

Offline Sachitha

  • ෆැන්ටසි රාළ FNLeader
  • *****
  • Posts: 1923
  • Gender: Male
  • You Dont Know About Me and you Will Never Know!
    • www.shgamez.com
Fake FBI, CIA e-mails with viruses spread worldwide
« on: January 14, 2006, 11:15:10 AM »
Advertisement

Washington: A scam involving e-mails appearing to come from the FBI or CIA has unleashed a computer virus that spread rapidly worldwide, US officials and security experts said.
The FBI released a statement on its website noting that the agency was not the source of the e-mails. But experts said that the virus was propagating because the authors made the message appear authentic.

The FBI statement said recipients of this or similar messages "should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner."

The messages appear to be sent from an e-mail address such as mailAfbi.gov, postAfbi.gov, adminAfbi.gov or a similar address, and direct the recipient to open an attachment to answer question. The opening of the file activates the virus and causes it to spread to others.

The Internet security firm Sophos said similar e-mails may appear to come from the Central Intelligence Agency, but that both contain a strain of the Sober virus that has been spreading worldwide.

In a four-hour period Tuesday, the worm "has accounted for over 61 percent of all viruses reported to Sophos, making it currently the most prevalent virus spreading across the world."

"This variant of the Sober worm may catch out the unwary as they open their e-mail inbox this morning," said Graham Cluley, senior technology consultant at Sophos.

"Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal websites and want to click on the unsolicited e-mail attachment. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."

The e-mail says: "We have logged your IP-address on more than 30 illegal websites," and directs the recipient to open an attachment to respond to questions.

"The FBI takes this matter seriously and is investigating," the law enforcement agency said, urging those receiving e-mails of this nature to report it to the Internet Crime Complaint Center via http://www.ic3.gov.

California-based firm PandaLabs said the virus quickly became the most prevalent spreading around the globe. One reason for its success is that "this new variant uses social engineering techniques, tricking users into running files that contain the system code," PandaLabs said.

The virus uses another trick -- displaying a dialogue box saying that no viruses, Trojans or spyware were found, according to PandaLabs, even though the computer is left unprotected against future attacks.

Experts noted that each infection causes a computer to send out new copies of the e-mail to those in the computer's address book.

"The propagation capacity of Sober.AH, means that every time there is a new infection, the chances of receiving an infected email increase exponentially," said Luis Corrons, director of PandaLabs.

PandaLabs and others noted that some of the e-mails were being delivered in German to addresses in Europe, purportedly coming from the BKA, the German federal police.

The SANS Institute's Internet Storm Center, an academic-industry partnership, urged Internet users to exercise caution because anti-virus programs may not detect the latest versions of malicious programs.

"Antivirus software does not provide any reliable protection against current threats," SANS said. "Viruses like Sober tend to change every few hours well in advance of AV signature updates. The fact that an attachment did not get marked is no indication that it is harmless."
FBI