I'm not sure what has happened recently, but my junk mail has gotten out of control lately. Now I'm receiving many with zip files. Here's an example of one I just got from the "CIA".

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison

++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623

Has anyone else seen an increase lately?
Don't OPEN the zip file!

http://urbanlegends.about.com/library/bl_fbi_virus.htm

FBI Warning: You Visit Illegal Websites

Netlore Archive: Beware messages purporting to originate from the FBI (or CIA) that accuse you of visiting illegal Websites. These messages are unauthorized and arrive with an attachment containing a variant of the 'Sober' virus

Description: Virus-bearing message
Circulating since: Feb. 2005
Status: Malicious file attached
Analysis: See below

Variant #1: Email example contributed by A. Edwards, 22 February 2005:

Dear Sir/Madam,

we have logged your IP-address on more than 40 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
M. John Stellford

Federal Bureau of Investigation -FBI-
935 Pennsylvania Avenue, NW, Room 2130
Washington, DC 20535
(202) 324-3000

Variant #2: Email example contributed anonymously, 21 November 2005:

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison

++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time

Comments: If you receive a message like this, don't panic. Delete it. The attachment contains a worm (virus) called Sober-K (or another variant of the same malicious file). Don't open it — it can harm your computer — just delete it.

Though this message and others similar to it purport to come from the FBI or CIA, and may even sport return addresses like police@fbi.gov, they were not authorized or sent by any government agency.

FBI statement, February 22, 2005:

FBI ALERTS PUBLIC TO RECENT E-MAIL SCHEME
Emails purporting to come from FBI are phony

Washington, D.C. - The FBI today warned the public to avoid falling victim to an on-going mass email scheme wherein computer users receive unsolicited e-mails purportedly sent by the FBI. These scam e-mails tell the recipients that their Internet use has been monitored by the FBI’s Internet Fraud Complaint Center and that they have accessed illegal web sites. The emails then direct recipients to open an attachment and answer questions. The attachments contain a computer virus.

These emails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited emails to the public in this manner.

Opening email attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient’s computer. The FBI strongly encourages computer users not to open such attachments.

P.S. And, as always, make sure your antivirus software is up to date.
Haha. My office got hit with this yesterday. My boss opened the zip file. I haven't tried this one yet, but supposedly this is the new fix from Symantec http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html They refer to the latest one as W32.Sober.X I'm about to try to fix his cpu with this one. I'll let yall know if it works.
Open the files immediately. You might be a terrorist. That is why you got the email in the first place.
way to go geniuses. you got computer vd. i haven't checked my mail box at home or work, so let me not start laughing yet.
Don't worry...I haven't opened any of the zip files. I've gotten many that look like legit emails. It's crazy.
Maybe your system admins should learn how to keep the exchange servers up to date so this doesn't happen... My exchange server blocked over 1500 of these sent yesterday alone
Why take X time to write code to bring down Y systems when you can write code to bring down 90Y systems? Lack of marketshare has its rewards.
The virus disables norton liveupdate. This is a mess. I've been working to clean a cpu with it all morning. I finally got live update to work through the website, now hopefully it cleans the virus through the scan. We will see... He had Norton 2003 and he just paid to get 2006 installed and the virus still disabled live update. It's on my boss's cpu and he is all pissed at Norton. I wish I could tell him that he is the dumbass for opening the attachment.
http://www.houstonchronicle.com/disp/story.mpl/front/3482075.html

Nov. 25, 2005, 12:07AM

Worm quickly left its mark
Fake e-mail from FBI or CIA knocks security for a loop

By ARSHAD MOHAMMED and BRIAN KREBS
Washington Post

WASHINGTON - It's being called the worst computer worm of the year — a quickly spreading Internet threat that looks like an official e-mail from the CIA or FBI but can leave your computer wide open to intruders.

The bogus e-mail claims the government has discovered you visiting "illegal" Web sites and asks you to open an attachment to answer some official questions. If you do, your computer gets infected with malware that can disable security and firewall programs and blast out similar e-mails to contacts in your address book.

It can also keep you from getting to computer security Web sites that might help fix the problem, and it may open your Windows computer to intruders who can steal your personal data.

The worm — named "Sober X" — has spread so far so fast that the CIA and the FBI put prominent warnings on their Web sites making clear that they did not send out the e-mail and urging people to not open the attachment.

Across the Atlantic Ocean, Austria's equivalent to the FBI is investigating a flurry of similar bogus e-mails sent in its name to people in Austria, Germany and Switzerland, the Associated Press reported.

"This particular virus is a mass-mailer worm and is the largest one we have seen this year," said Alfred Huger, senior director of engineering at Symantec Corp., which sells Norton AntiVirus software. "It's as bad as it gets. With this particular type of virus on your system, there is a high probability that your personal information will be stolen."

Craig Schmugar, a virus-research manager at McAfee's AVERT Labs, said his company, which also makes anti-virus software, had logged more than 73,000 consumer computers reporting detection since the worm was discovered Monday.

British e-mail security company MessageLabs Ltd. said it has intercepted more than 2.7 million copies of Sober and its variants.

Still, the Sober worm was listed as only a "medium-risk" worm by security companies, which noted that it was not as widespread as others in recent years, notably MyDoom, which hit computer systems early last year.

Sober is known to only affect computers running the Windows operating system. It appears that Apple and Linux computer users were not affected.

The e-mail informs the recipient that the user's IP address has accessed more than 30 illegal Web sites and that the attachment contains a list of questions that need to be answered. The e-mail also includes an authentic phone number for the FBI or CIA.

And that's kept government switchboard operators busy. FBI operators have been routing calls and complaints to its Internet Crime Complaint Center in West Virginia, which received more than 4,000 complaints about the worm on Monday. The center typically receives 18,000 complaints each month, FBI spokeswoman Cathy Milhoan said.

The FBI is investigating the source of the attack, which closely resembles an e-mail worm that surfaced in February, Milhoan said, although she declined to comment on the progress of that investigation.