Issue 115 - June 2011 - Page 15
FBI 'You Visit Illegal Websites' Malware Email
Email purporting to be from the FBI claims that the recipient has been logged visiting illegal websites and is required to answer a list of questions contained in an attached file.
The email is not from the FBI and the attachment does not contain a list of questions as claimed. In fact, opening the attachment will launch a fake anti-virus program that tries to trick users into providing credit card details. The same ruse has been used to distribute worms or malware for several years.
Detailed analysis and references below example.
Last updated: 10th May 2011
First published: 10th May 2011
Article written by Brett M. Christensen
Subject: You visit illegal websites
Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached.
This email, which claims to be from the FBI, warns recipients that they have been logged as visiting more than 40 illegal websites. The message advises recipients to answer a list of questions that are supposedly contained in an attached zip file.
However, the email is certainly not from the FBI and the attachment does not contain a list of questions as claimed. Instead, the attachment harbours a fake anti-virus program that tries to trick users into submitting their credit card details. Once launched, this fake anti-virus program will supposedly scan the user's computer before displaying a message warning that the computer has a large number of serious virus infections. The message will also claim that the user must pay an immediate fee via a credit card before the anti-virus program can remove the virus infections. In fact, the supposed scan is entirely bogus and the viruses it "finds" do not exist. The fake program will continually display annoying and intrusive "virus warning" messages until the user pays up.
Some inexperienced computer users, first panicked by what they believe is a genuine message from the FBI, and then further panicked by dire warnings that their computer is riddled with dangerous viruses, may hastily hand over their credit card information.
And the FBI ruse is apparently an effective tactic for criminals intent on distributing worms or malware. Back in 2005, another email that also claimed that the recipient had been logged by the FBI as visiting illegal websites was used to distribute the Sober worm. In fact, the wording of the two emails is virtually identical. Only the malicious payload is different. Some of the Sober worm versions claimed that it was the CIA rather than the FBI that had logged the illegal website visits. In 2007, another malware campaign used emails that falsely claimed that the recipient was under investigation by the IRS.
Users should be very cautious of any email that claims to be from the FBI or another law enforcement or government agency. If you receive such an email, do not open any attachments that it may contain. Do not follow any links included in the email. Rest assured, if the FBI (or the CIA) has a problem with your online activities it will not contact you via an unsolicited email.
Sophos - FBI says you've been visiting illegal websites? It's a malware attack
Sophos - What is Fake AV?
FBI Virus Emails - Sober Worm
IRS Criminal Probe Scam Emails