Fake FBI,CIA e-mails

Fake FBI, CIA e-mails contain viruses

Nov 22 2:11 PM US/Eastern

The FBI warned Internet users about a scam involving e-mails appearing to come from the FBI, with a computer virus attached.

"These scam e-mails tell the recipients that their Internet use has been monitored by the FBI and that they have accessed illegal websites," the law enforcement agency said in a statement.

"The e-mails then direct recipients to open an attachment and answer questions."

The FBI statement said recipients of this or similar messages "should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner."

The messages appear to be sent from an e-mail address such as mail@fbi.gov, post@fbi.gov, admin@fbi.gov or a similar address.

The Internet security firm Sophos said similar e-mails may appear to come from the Central Intelligence Agency, but it noted that both contain a strain of the Sober virus that has been spreading worldwide.

In a four-hour period Tuesday, the worm "has accounted for over 61 percent of all viruses reported to Sophos, making it currently the most prevalent virus spreading across the world."

'FBI-Paris Hilton' worm called the year's worst

Newest version of Sober virus generates millions of e-mails

By Bob Sullivan

Technology correspondent

MSNBC

Updated: 7:19 p.m. ET Nov. 22, 2005

It looks like an e-mail from the FBI, or a note promising pictures of Paris Hilton -- but some anti-virus companies are now calling it the most widespread computer virus outbreak of the year. 

Sober-Y, the latest variation of a computer virus that was first released almost two years ago, surprised analysts Tuesday by gaining traction and rocketing millions of e-mails around the world.

MessageLabs, a software company that filters e-mails, said it had stopped three million copies of Sober-infected e-mails in the first 24 hours after the virus began circulating. Paul Wood, a senior analyst at MessageLabs, said that as of 5 p.m. ET, the firm was trapping 200,000 copies of the worm each hour.

"It's surprisingly bad," said Mikko Hypponen, a virus researcher at F-Secure.com. "In sheer amount of e-mails, it's larger than any outbreak of the year." On Tuesday afternoon, F-Secure raised its threat level for the virus to its most severe rating.  Other anti-virus firms also raised their threat levels during the afternoon.

Sober has been successful, experts say, because it piggybacks on earlier versions of the virus that have already infected computers. Those computers -- perhaps tens of thousands around the world, according to Symantec's Alfred Huger -- form a "bot-net" network that's controlled by the virus writer.

Valuable real estate

All those computers were instructed to send out spam on Monday that was laced with Sober-Y -- millions of messages that gave the virus a great head start at gaining traction. Essentially, the virus is using friendly computers to launch attacks and gather up new territory.

"The footprint for the bot-net is already quite large, so the virus has its own momentum," Huger said.

Symantec has received almost 2,000 submissions of the program from customers who were attacked by the worm, he said.

The virus writer uses the ever-expanding network to make money, Huger said. The bot-net is rented out to other spammers, who send their own versions of e-mail marketing pitches. And the virus author, according to Huger, steals personal information from infected computers and sells it to the highest bidder. "It's real estate to (virus writers), and it's really valuable real estate."

Another clever aspect of Sober-Y -- it includes both English and German versions, and selects the appropriate language based on an educated guess for each computer it attacks. Computers with e-mail addresses that end in .de get the German version, for example.

The virus is also spreading because its e-mail message is just enticing enough to trick recipients, said Huger.  In addition to the Paris Hilton and FBI versions, other e-mails purport to come from German authorities who've caught a recipient downloading illegal music; or the CIA,  accusing the recipient of visiting illegal Web sites. There's even a version that looks like it's an automatic message indicating an attempted e-mail has failed, known as a "bounce."

One piece of good news: To become infected, recipients must click on the attachment, which is zipped, then unpack the zipped file, and then agree to run the executable file that appears. That provides several chances for a consumer to realize something is suspicious.
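As an added illustration of the lure just described (not code from the article or from any vendor it quotes), the following Python checker flags a message that claims to come from fbi.gov or cia.gov and carries a ZIP attachment holding an executable. The sample message and ZIP are constructed inline with harmless placeholder bytes, and the spoofed-domain and executable-extension lists are assumptions.

```python
import email
import email.policy
import email.utils
import io
import zipfile
from email.message import EmailMessage

# Sender domains the Sober-Y lures impersonate (from the article); assumed list.
SPOOFED_DOMAINS = {"fbi.gov", "cia.gov"}
# Extensions treated as executable inside the ZIP; assumed list.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat")


def zipped_executables(payload: bytes) -> list[str]:
    """Names of executable members inside a ZIP payload (empty if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_SUFFIXES)]
    except zipfile.BadZipFile:
        return []


def assess(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and report why it looks like a Sober-style lure."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rsplit("@", 1)[-1]
    reasons = []
    if domain in SPOOFED_DOMAINS:
        reasons.append(f"sender claims to be {domain}; that agency does not send unsolicited mail")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            execs = zipped_executables(part.get_payload(decode=True))
            if execs:
                reasons.append(f"zip attachment {name} contains executable(s): {execs}")
    return {"suspicious": bool(reasons), "reasons": reasons}


def build_sample() -> bytes:
    """Constructed lure shaped like the FBI variant (placeholder bytes, not a real program)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("questions.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "FBI <mail@fbi.gov>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your Internet use has been monitored"
    msg.set_content("You have accessed illegal websites. Open the attachment and answer the questions.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="questions.zip")
    return bytes(msg)
```

Each reason corresponds to one of the warning signs the article lists, so a mail gateway or a user-education demo can show exactly which cue fired.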

Spam-virus technique

About two years ago, virus writers began combining techniques used in computer worms and spam. Often, as in this case, a virus writer will begin an attack with an initial "seeding" of virus-laced spam, boosting the program's chances of catching fire. But often, such spam-seeded worms appear worse than they really are during those first few hours -- and after the initial spam dies down, a lack of new infections keeps the worm from turning into a widespread outbreak.

McAfee's Craig Schmugar said he thinks that might be the case with Sober-Y. His firm has only received 150 submissions, so he thinks it may have had a bark that's worse than its bite.

"We are past the worst of it," he said.

Hypponen didn't agree, saying at 6 p.m. ET that submissions to F-Secure continued to rise through the night.

"Over last five hours, the trend has been up," he said.

Still, the impending Thanksgiving holiday in the United States probably would help ease the spread of the worm, he said -- since many U.S. workers have already left the office for a long weekend and won't be clicking on their e-mail. 

Wow, Paris Hilton gives people a virus?

Edited by NYTruckie

Well NYTruckie, maybe a worm...... :P B)
