Debunking email hoaxes and exposing Internet scams since 2003!














FBI Virus Emails - Sober Worm

Summary:
Email, supposedly from the FBI or the CIA, claims the recipient has been logged visiting illegal websites. (Full commentary below.)



Status:
Email attachment contains a variant of the Sober worm.

Examples: (Submitted November 2005)
Subject : You_visit_illegal_websites

Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.

Important:

Please answer our questions!

The list of questions are attached.

Yours faithfully,
Steven Allison

*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000



Commentary:
Another variant of the Sober worm, Sober X, is currently hitting inboxes around the world. A frightening aspect of this worm is that it may arrive as an email attachment that pretends to be from America's Federal Bureau of Investigation (FBI). Some versions claim to be from the CIA rather than the FBI. The virus email claims that the recipient has been logged visiting illegal websites, and asks him or her to open the attached file to answer a list of questions. However, opening the attachment can infect the computer with a variant of the Sober worm.

It hardly needs to be said that the email is not really from the FBI. Information on the FBI's website states that:
We're sorry to report yet another wave of virus-laden e-mails sent out with false FBI addresses. This particular e-mail claims the FBI has been monitoring your Internet use...says you've accessed so-called illegal websites...and demands you answer questions—all you have to do is open an attachment, maliciously laced with a variant of the w32/sober virus.

Don't do it! In fact, don't EVER respond to unsolicited poison pills like these. The FBI does not conduct business this way.

The CIA website also warns visitors about these bogus emails:
Some members of the public have in the past few days received a bogus e-mail falsely attributed to CIA's Office of Public Affairs. CIA did not send that message. In fact, it does not send unsolicited e-mail to the general public, period. If you have gotten such a message, we strongly encourage you not to open the attachment, which contains a destructive virus.

The hidden purpose of this virus message is simply to panic recipients into clicking on the attachment and inadvertently infecting their machine. Sober X can also arrive as a fake "Delivery Status Notification" message, as emails that promise free Paris Hilton videos, or as a variety of other messages.

An earlier variant of Sober that was hitting inboxes in early 2005 used very similar tactics (see example below).

For details about this worm and what to do about it, see the Symantec write-up about Sober X by following the link below:
W32.Sober.X@mm

Such ruses are a common ploy used by virus creators. Worms can also arrive disguised as Microsoft security patches, free screensavers or other software, love letters and compromising photographs, just to name a few.

Computer users should always be very cautious of emails that arrive with attachments, even those that appear to be from people they know and trust. Many modern Internet worms use spoofing techniques to disguise the real origin of infected emails.

Reliable, up-to-date anti-virus software is an essential requirement for Internet-enabled, Microsoft Windows-based computers.

Write-up by Brett M. Christensen



CIA Version:
Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.

Yours faithfully,

Steven Allison

++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time

An example from early 2005:
From: FBI@fbi.gov

To: [REMOVED]

Subject: You visit illegal websites

Dear Sir/Madam,

we have logged your IP-address on more than 40 illegal Websites.

Important: Please answer our questions!
The list of questions are attached.

Yours faithfully,
M. John Stellford

++-++ Federal Bureau of Investigation -FBI-
++-++ 935 Pennsylvania Avenue, NW, Room 2130
++-++ Washington, DC 20535
++-++ (202) 324-3000
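
The sample messages above share a fixed subject line, a fixed opening sentence and an attachment, which is enough for a simple triage check at a mail gateway. The following is an added example, not part of the original article: the function names, the recipient address and the attachment name `questions.bin` are constructed for illustration, and the test message is built inline rather than taken from a real infection.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Traits taken from the sample messages quoted on this page.
AGENCY_DOMAINS = {"fbi.gov", "cia.gov"}
SUBJECT_RE = re.compile(r"you[\s_]+visit[\s_]+illegal[\s_]+websites", re.I)
BODY_RE = re.compile(
    r"logged\s+your\s+IP-address\s+on\s+more\s+than\s+\d+\s+illegal\s+websites", re.I)


def lure_traits(raw: str) -> set:
    """Return which traits of the lure appear in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    traits = set()
    sender = msg["From"]
    # The From header is trivially forged, so it only corroborates other traits.
    if sender and any(a.domain.lower() in AGENCY_DOMAINS for a in sender.addresses):
        traits.add("agency_sender")
    if SUBJECT_RE.search(str(msg["Subject"] or "")):
        traits.add("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_RE.search(body.get_content()):
        traits.add("body_phrase")
    if next(msg.iter_attachments(), None) is not None:
        traits.add("attachment")
    return traits


def should_quarantine(raw: str) -> bool:
    """Hold the message when the lure wording arrives together with an attachment."""
    found = lure_traits(raw)
    return "attachment" in found and bool(found & {"subject", "body_phrase"})


def build_sample(subject: str, sender: str, body: str, attach: bool) -> str:
    """Constructed test message; attachment name and bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content(body)
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="questions.bin")
    return m.as_string()


if __name__ == "__main__":
    lure = "we have logged your IP-address on more than 30 illegal Websites.\n"
    print(lure_traits(build_sample("You_visit_illegal_websites", "FBI@fbi.gov", lure, True)))
```

A message that only quotes the lure text without an attachment, such as a forwarded warning, is reported by `lure_traits` but not held by `should_quarantine`.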