Fake FBI virus catches Net users

A Windows virus that warns users about illegal net use is spreading online. The bug-bearing message claims to come from either the FBI, CIA or German BKA police agency. It warns users they have been detected visiting illegal sites. Those opening a questionnaire attached to the message will be infected by a variant of the well-known Sober virus. Anti-virus firms have caught millions of copies of the malicious program, suggesting a lot of people have fallen for the fake warning. Web watch The Windows virus started circulating on 22 November and mail filtering firm MessageLabs said it caught almost three million copies of the Sober variant in the first 24 hours of the outbreak. By the end of Wednesday Postini said it had netted more than seven million copies of the bug. The virus travels in an email message with the subject line of "You visit illegal websites" or "Your IP was logged". The body text of the message makes it appear as if the recipient has been caught by the FBI, CIA or BKA browsing 30 illegal sites and asks them to fill in an attached form about this activity. Anyone clicking on the attached form gets a fake error message while, in the background, the virus starts plundering an infected PC for email addresses to send itself to. Responding to the outbreak the FBI said: "These emails did not come from the FBI." It added: "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited emails to the public in this manner." The virus also comes in varieties that purport to hold a video of Paris Hilton, fake password change notices and email error messages. It can only infect those using Windows PCs. F-Secure said the outbreak was the "biggest of the year" and Symantec said the virus was spreading very fast in the wild. Statistics gathered by Trend Micro suggest that most victims were in North America. The spread of the virus slowed on Wednesday but anti-virus firms urged users to update their protection and not to click on attachments to unsolicited email messages. The first Sober virus was found in October 2005 and there have been 25 variants released since then. This latest variant checks to see if a machine has been infected by earlier versions and tries to shut them down so it can do its work.

print this article

Return to internet news headlines
View Internet News Archive

Share with: