Fake FBI e-mails carrying new virus
The bug opens and reads files on the infected hard drive
The local FBI office is warning Hawaii residents of a new computer virus masquerading as an e-mail from the FBI, first reported early Monday morning to the agency's Boston office.
"The FBI is not responsible for these e-mails," Charles Goodwin, FBI Special Agent-in-Charge in Honolulu, said yesterday. "The FBI does not send unsolicited e-mails to people."
BOGUS FBI E-MAIL
Be on the lookout for virulent e-mail bearing:
» Fake addresses: email@example.com and firstname.lastname@example.org
» Attachment: Do not open the attachment "question_list.zip"; it will infect computers upon opening.
The FBI is urging recipients of the bogus e-mail not to open its zip attachment. If opened, the attachment -- "question_list.zip" -- will infect the recipient's computer by opening and reading files on its hard drive. Symantec is calling the virus W32.Sober.X@mm.
The FBI's Honolulu office had received up to three dozen calls as of yesterday, while the FBI headquarters has been inundated with calls, Goodwin said.
The e-mail looks official and is signed by a fictitious FBI agent. It says the user has logged onto more than 30 illegal Web sites and asks the user to answer questions in an attachment to the e-mail, Goodwin said.
The e-mail purports to be from the FBI and uses the following fake addresses: department@fbi.gov and email@example.com
This virus, a variant of the W32/Sober viruses, sends out multiple e-mail messages to addresses taken from the computer's hard drive. The virus also produces a pop-up window, which appears to be an error message with the text "Winzip Self Extractor -- Error in packed header."
Goodwin said the virus is being propagated worldwide using unsolicited e-mails purportedly from the FBI, CIA and other law enforcement agencies in different countries.
The crime of computer intrusion, infecting computers with malicious software, is a felony punishable by up to five years' imprisonment and an unspecified fine.
Goodwin recommends simply deleting the e-mails. He said recipients of the e-mail need not contact the FBI since the agency is well aware of the problem.
Goodwin said he does not have information on where the virus originated, but the FBI's Boston office is investigating.
This is the first time an e-mail scheme that proliferates a computer virus using the FBI name has been so widespread, he said.
The malicious code in the attachment is W32/Sober.gen@MM.
The FBI recommends using antivirus software and applying any patches. McAfee issued an update to its W32/Sober.gen@MM description at vil.nai.com/vil/content/v_102139.htm.