E-mail Scammers Pose as FBI, CIA

Itsme · 11-22-2005, 07:39 PM

I must have gotten over a dozen of these email just today.

------------------------------------------------------------------------

E-mail Scammers Pose as FBI, CIA

Spam attempts to trick users into installing the Sober worm.
Robert McMillan, IDG News Service
Tuesday, November 22, 2005
SAN FRANCISCO -- The U.S. Federal Bureau of Investigation today warned computer users not to open a widely circulating e-mail that falsely claims to have been sent by U.S. authorities. The e-mail attempts to trick users into installing a variant of the Sober worm by telling them that they have been spotted on "illegal Web sites," and asking them to click on an attached "list of questions."

"These e-mails did not come from the FBI," the FBI announced in a posted statement. "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner."

A Significant Portion of Global E-Mail
This latest worm now accounts for more than 65 percent of all malicious software being reported to antivirus vendor Sophos, and it constitutes about one in every 74 e-mail messages being sent on the Internet, according to Graham Cluley, a senior technology consultant with Sophos. "It's quite a significant event," he said. "I'm not sure that it's necessarily going to last, but at the moment it's well ahead of any other virus."

Once launched, Sober scans the user's hard drive for e-mail addresses and sends the bogus e-mail to new recipients. After that, it awaits further instructions from its creator, effectively transforming the infected system into a remote-controlled zombie computer that can be used for further spamming or computer attacks.

In some instances, the worm pretends to come from the U.S. Central Intelligence Agency (CIA) or the German police, Cluley said.

Similar to Earlier Variants
Variations of the Sober worm have been circulating for about two years now, and their code is sufficiently similar that they are all thought to have been written by one person, or perhaps by a small group of people, Cluley said.

By mentioning U.S. law enforcement, the worm writers have made it more likely that users will inadvertently launch malicious code, but they may also be goading the FBI and the CIA, Cluley said. "It seems a bizarre thing for the virus writer to do, to pick a fight with the FBI and CIA in this way."

The FBI is taking the matter "seriously," and is investigating, the agency's statement said.

BigJon · 11-22-2005, 07:48 PM

It's been done before.

shocky123 · 11-22-2005, 07:56 PM

geez... people still fall for that stuff??
everybody knows the CIA and FBI use telepathy to contact people... email is sooo last year.

~Kyle

zippyjuan · 11-23-2005, 10:55 PM

I got a copy of the CIA message today, but my internet service blocked it for me. Earthlink does a good job.

Jenny · 11-23-2005, 11:42 PM

I've been getting close to a hundred of them just today. *sigh*

Burzhui · 11-24-2005, 08:21 AM

i've gotten several of those, most where blocked by RR

BigJon · 11-24-2005, 08:28 AM

I think it is a full scale attack designed to take advantage of that Sony DRM problem. That's just my guess. My work email has been blocking HUNDREDS of those emails.

They come with these set of subjects:

hi, ive a new mail address
Mail delivery failed
Paris Hilton & Nicole Richie
Registration Confirmation
smtp mail failed
You visit illegal websites
Your IP was logged
Your Password

tremonti · 11-24-2005, 08:21 PM

Wow, this stuff is over the line. People these days.

11-22-2005, 07:39 PM	#1
Itsme Vice Admiral Join Date: Aug 2004 Location: Southern California Posts: 4,813	E-mail Scammers Pose as FBI, CIA I must have gotten over a dozen of these email just today. ------------------------------------------------------------------------ E-mail Scammers Pose as FBI, CIA Spam attempts to trick users into installing the Sober worm. Robert McMillan, IDG News Service Tuesday, November 22, 2005 SAN FRANCISCO -- The U.S. Federal Bureau of Investigation today warned computer users not to open a widely circulating e-mail that falsely claims to have been sent by U.S. authorities. The e-mail attempts to trick users into installing a variant of the Sober worm by telling them that they have been spotted on "illegal Web sites," and asking them to click on an attached "list of questions." "These e-mails did not come from the FBI," the FBI announced in a posted statement. "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner." A Significant Portion of Global E-Mail This latest worm now accounts for more than 65 percent of all malicious software being reported to antivirus vendor Sophos, and it constitutes about one in every 74 e-mail messages being sent on the Internet, according to Graham Cluley, a senior technology consultant with Sophos. "It's quite a significant event," he said. "I'm not sure that it's necessarily going to last, but at the moment it's well ahead of any other virus." Once launched, Sober scans the user's hard drive for e-mail addresses and sends the bogus e-mail to new recipients. After that, it awaits further instructions from its creator, effectively transforming the infected system into a remote-controlled zombie computer that can be used for further spamming or computer attacks. In some instances, the worm pretends to come from the U.S. Central Intelligence Agency (CIA) or the German police, Cluley said. Similar to Earlier Variants Variations of the Sober worm have been circulating for about two years now, and their code is sufficiently similar that they are all thought to have been written by one person, or perhaps by a small group of people, Cluley said. By mentioning U.S. law enforcement, the worm writers have made it more likely that users will inadvertently launch malicious code, but they may also be goading the FBI and the CIA, Cluley said. "It seems a bizarre thing for the virus writer to do, to pick a fight with the FBI and CIA in this way." The FBI is taking the matter "seriously," and is investigating, the agency's statement said.

11-22-2005, 07:48 PM	#2
BigJon Vice Admiral Join Date: Sep 2000 Location: In the kitchen...skinning onions... Posts: 4,946	It's been done before. __________________

11-22-2005, 07:56 PM	#3
shocky123 Lieutenant Commander Join Date: Aug 2004 Location: Ames, Iowa Posts: 828	geez... people still fall for that stuff?? everybody knows the CIA and FBI use telepathy to contact people... email is sooo last year. ~Kyle __________________ "me awaits onslaught of estrogen fury." -CornMonkey "5. When your friend dates a woman that is absolutely terrible for him, and she's wrecking his life, it's your duty to openly hate her, and point out how evil she is." -ialsohaveadream

11-23-2005, 10:55 PM	#4
zippyjuan Picture of the Day Guru Join Date: Oct 2002 Location: Sunny San Diego Posts: 8,756	I got a copy of the CIA message today, but my internet service blocked it for me. Earthlink does a good job. __________________ I add new pictures to my photo gallery pretty regularly. You can see them here if you are interested: http://www.pbase.com/jeffryz

11-23-2005, 11:42 PM	#5
Jenny Chief of Naval Operations Join Date: Mar 2000 Location: Kansas City area Posts: 10,947	I've been getting close to a hundred of them just today. sigh __________________ Check out my spoilers for over 20 shows @ SpoilerFix.com Check out my TV blog, where I post weekly & daily TV schedules, TV news, interviews with TV stars & more! All new TV forums as well @ TV Is My Pacifier

11-24-2005, 08:21 AM	#6
Burzhui hot in velour pants Join Date: Jun 2000 Location: New York City Posts: 9,198	i've gotten several of those, most where blocked by RR __________________ ____________________ IF A FAT GIRL FALLS IN THE WOODS DO THE TREES LAUGH?

11-24-2005, 08:28 AM	#7
BigJon Vice Admiral Join Date: Sep 2000 Location: In the kitchen...skinning onions... Posts: 4,946	I think it is a full scale attack designed to take advantage of that Sony DRM problem. That's just my guess. My work email has been blocking HUNDREDS of those emails. They come with these set of subjects: hi, ive a new mail address Mail delivery failed Paris Hilton & Nicole Richie Registration Confirmation smtp mail failed You visit illegal websites Your IP was logged Your Password

11-24-2005, 08:21 PM	#8
tremonti Ensign Join Date: Nov 2005 Posts: 19	Wow, this stuff is over the line. People these days. __________________ Please read the rules. No spam links in sigs. 50kb for a sig picture is too big. And if you have candy you must share with the entire forum.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

User Name
Password
Remember Me?