The email, with an fbi.gov return address, tells the recipient that they have been observed accessing illegal web sites. The recipient is then asked to open an attached questionnaire regarding their Internet usage. When the recipient clicks on the attachment, a virus is loaded on their system.
An example of the email bearing the Sober K Worm follows:
You_visit_illegal_websites
Dear Sir/Madam, we have logged your IP-address on more than 30 illegal Websites.
Please answer our questions!
The list of questions are attached.
Yours faithfully, Frederick Thompson
Federal Bureau of Investigation -FBI-
935 Pennsylvania Avenue, NW, Room 3220
Washington, DC 20535
phone: (202) 324-3000
It is not yet known what effect the virus has on a user’s computer.
“Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner,” the FBI said in a statement.
Last month, the Federal Bureau of Investigation was forced to shut down its email system due to a security vulnerability. It’s not yet known if the Sober K virus is related to the earlier problems.
The virus sender is counting on the panic induced by the email to persuade the recipient to open the attachment. The ironic thing is that this virus plays upon people’s willingness to obey an authority figure, while the virus itself is an “in your face” affront to the most powerful law enforcement agency in the world.
Some variants of this virus purport to be sent from the Central Intelligence Agency of the United States Government.
Email users may guard themselves against this virus by:
1. NEVER open an attachment in an unsolicited email, even if it appears to have been sent by an authoritative source.
2. Be extremely cautious about opening attachments from people you know. Many viruses use email spoofing to make it appear that the email was sent by a trusted source. If in doubt, call the sender via telephone, and ask if they sent you an attachment.
3. Disable auto-viewing/opening of attachments in your email client software if possible.
4. Keep your anti-virus software and its virus definitions updated.
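
A mail-filter check for the traits described above, as an added example that is not part of the original article: it flags a message whose From header claims an agency domain and which carries an attachment or a mismatched Return-Path. The cia.gov domain, the Return-Path comparison, and the sample addresses and file name are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# fbi.gov is the sender domain named in the article; cia.gov is an assumed
# domain standing in for the CIA-themed variants.
AUTHORITY_DOMAINS = {"fbi.gov", "cia.gov"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage(raw_message):
    """Return the reasons to quarantine a message; an empty list means none."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_dom = domain_of(msg["From"])
    if not any(from_dom == d or from_dom.endswith("." + d) for d in AUTHORITY_DOMAINS):
        return []
    reasons = []
    names = [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()]
    if names:
        reasons.append("agency sender with attachment: " + ", ".join(names))
    # Assumption: the filter sees a Return-Path header written by the receiving server.
    envelope_dom = domain_of(msg["Return-Path"])
    if envelope_dom and envelope_dom != from_dom:
        reasons.append("From is %s but Return-Path is %s" % (from_dom, envelope_dom))
    return reasons

def build_sample(sender, return_path, attach):
    """Constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    m["From"], m["Return-Path"] = sender, return_path
    m["Subject"] = "You_visit_illegal_websites"
    m.set_content("Please answer our questions!")
    if attach:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename="questions.bin")
    return m.as_string()

LURE = build_sample("officer@fbi.gov", "<bounce@example.net>", attach=True)
PLAIN = build_sample("friend@example.org", "<friend@example.org>", attach=False)

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("plain", PLAIN)):
        print(label, "->", triage(raw) or "no match")
```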