I.T. Vibe
1 in 17 emails now infected with Sober virus
Friday, November 25, 2005 at 15:10 by Kathleen Hill
Experts at Sophos have warned Internet users of an in-the-wild worm which is pretending to be an email from an FBI or CIA investigator. In the last 48 hours, the worm has accounted for over 81% of all viruses reported to Sophos, making it currently the most prevalent virus spreading across the world.

It has accounted for a staggering 1 in 17 of all emails travelling across the Internet. The FBI is so concerned about the messages that it has issued a warning on its web site.

The W32/Sober-Z worm arrives as an email attachment, and can use a variety of different messages, including the following:

Dear Sir/Madam,

We have logged your IP-address on more than 30 illegal Web sites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI-
935 Pennsylvania Avenue, NW , Room 3220
Washington , DC 20535
Phone: (202) 324-30000



Sometimes the emails claim to come from the same investigator, but at the CIA. Other versions pretend to be video clips from the Nicole Richie and Paris Hilton TV show "The Simple Life", or relate to the German version of the quiz show "Who wants to be a Millionaire".

If the attached file is run, the worm scans the user's hard drive for other email addresses, in its search for other computers to infect.

Graham Cluley, senior technology consultant at Sophos, said:

"This variant of the Sober worm may catch out the unwary as they open their email inbox this morning. Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal web sites and want to click on the unsolicited email attachment. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."

In a statement, the FBI has urged users who receive the viral emails to report them to the Internet Crime Complaint Center at http://www.ic3.gov
 

Comment # 1 on 28 November 2005 at 17:44 by Anonymous
I get about 20 emails a day with this virus attached. Luckily my PC is free from the virus! The mails always come in the same format... the message always says... "hi remember me? i have changed my address. attached is a copy of our previous conversations on email. mail me soon if u remember me". Luckily when I opened it I didn't get infected because I have up to date AV software.

Comment # 2 on 30 November 2005 at 18:51 by Surfer
Haven't come across this at all. From my own experience, I would say the most all-pervading scum e-mails at the moment are from phishers - I've had about 30 of these in the last week, half of them from Barclays (where I don't have an account!)

Comment # 3 on 30 November 2005 at 23:20 by Anonymous
I've come across this virus in my stepfather's email. So far he's getting on average around 60 mails a day with the virus attached. The article says 1 in 17, but I'm seeing numbers averaging about 47 out of 50 mails contain the virus. At the same time, I haven't gotten any of these on my personal email address at all... I guess it just goes from who you know and who's got the bug. I've also noticed that most of the email addresses the mail says it came from seem to be a combined jumble of parts of different email addresses. Such as an address @yahoo.net instead of yahoo.com for instance. It would seem that this is some kind of attempt to hide the address of the infected computer and prevent filtering of the mails. Or at least make them harder to filter.
