Sponsor for PC Pals Forum

Author Topic: Fake FBI virus catches net users  (Read 884 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 74277
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Fake FBI virus catches net users
« on: November 24, 2005, 13:50 »
A Windows virus that warns users about illegal net use is spreading online.
The bug-bearing message claims to come from either the FBI, CIA or German BKA police agency, and warns users they have been detected visiting illegal sites.

Those opening a questionnaire attached to the message will be infected by a variant of the well-known Sober virus.

Anti-virus firms have caught millions of copies of the malicious program, suggesting a lot of people have fallen for the fake warning.

Web watch

The Windows virus started circulating on 22 November and mail filtering firm MessageLabs said it caught almost three million copies of the Sober variant in the first 24 hours of the outbreak. By the end of Wednesday Postini said it had netted more than seven million copies of the bug.

The virus travels in an e-mail message with the subject line of "You visit illegal websites" or "Your IP was logged".

SOBER SUBJECT LINES
You visit illegal websites
Your IP was logged
Your_Password
Registration Confirmation
Your Password
Mail delivery failed
smtp mail failed
hi,_ive_a_new_mail_address
Account Information
Ihr Passwort
Mailzustellung wurde unterbrochen
SMTP Mail gescheitert
Ermittlungsverfahren wurde eingeleitet
Sie besitzen Raubkopien
RTL: Wer wird Millionaer
Paris Hilton & Nicole Richie

The body text of the message makes it appear as if the recipient has been caught by the FBI, CIA or BKA browsing 30 illegal sites and asks them to fill in an attached form about this activity.

Anyone clicking on the attached form gets a fake error message while, in the background, the virus starts plundering an infected PC for e-mail addresses to send itself to.

Responding to the outbreak the FBI said: "These e-mails did not come from the FBI."

It added: "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner."

The virus also comes in varieties that purport to hold a video of Paris Hilton, fake password change notices and e-mail error messages. It can only infect those using Windows PCs.

F-Secure said the outbreak was the "biggest of the year" and Symantec said the virus was spreading very fast in the wild. Statistics gathered by Trend Micro suggest that most victims were in North America.

The spread of the virus slowed on Wednesday but anti-virus firms urged users to update their protection and not to click on attachments to unsolicited e-mail messages.

The first Sober virus was found in October 2005 and there have been 25 variants released since then. This latest variant checks to see if a machine has been infected by earlier versions and tries to shut them down so it can do its work.

 
http://news.bbc.co.uk/1/hi/technology/4466016.stm

I seem to be getting dozens of these every day!

Offline Simon

  • Administrator
  • *****
  • Posts: 77099
  • First to score 7/7 in Quiz of The Week's News 2017
Fake FBI virus catches net users
« Reply #1 on: November 24, 2005, 18:18 »
Clive, yours probably ARE from the FBI!!   :twisted:

I've had loads too, but I deleted them with Mail Washer, without even bothering to see who they were from.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline chorleydave

  • Forum Fanatic
  • ******
  • Posts: 5035
Fake FBI virus catches net users
« Reply #2 on: November 24, 2005, 18:45 »
I do find it astonishing that, in spite of repeated warnings almost everywhere, people STILL open these attachments.

I have been getting one or two, but like Simon, I delete them on the server without ever letting them get to my machines.  Why do people feel that they have to double-click everything that is sent to them?

Offline Clive

  • Administrator
  • *****
  • Posts: 74277
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Fake FBI virus catches net users
« Reply #3 on: November 24, 2005, 21:42 »
I delete all mine from the server too, Dave. I've had every single one of those subject lines in English but none of the German. This is by far the most prolific virus I've suffered to date, but there have been far fewer outbreaks this past year so I shouldn't complain.

