The FBI has sent you – YOU – an email claiming it has been monitoring your Internet use and you have accessed a number of so-called illegal sites.
It wants you to open an attachment and answer a list of questions.
Do NOT open this attachment because it contains variants of the W32/sober virus.
Once your computer is infected, the virus may:
Attempt to harvest email addresses from files whose extensions appear on a configurable list
Utilize its own SMTP engine to send itself to the harvested email addresses
Other common characteristics of W32/sober virus variants include:
Modify the system registry to prevent Windows XP's built-in firewall from starting
Modify the HOSTS file to prevent the computer from accessing certain security and commercial web sites
Attempt to terminate a number of running processes, some of which are security related
Open a backdoor on the system that allows the attacker to communicate remotely with the system via IRC. This may allow the attacker to upload and execute arbitrary code on the infected machine.
To date, the phoney FBI emails have been sent with email addresses of firstname.lastname@example.org, email@example.com and firstname.lastname@example.org. There may be similar-styled addresses.
The FBI warns that it does not conduct business like this and is investigating the matter. For more information check out the FBI’s website at www.fbi.gov.
Similar emails purportedly come from the CIA and Bundeskriminalamt (BKA), the German Federal police service.
WA ScamNet always advises computer users to never open an unsolicited email attachment and to keep their anti-virus software up-to-date.