BBC Home
Explore the BBC
BBC News
Launch consoleBBC NEWS CHANNEL
Last Updated: Thursday, 24 November 2005, 11:20 GMT
Fake FBI virus catches net users
Paris Hilton, PA
One variety of the virus promises images of Paris Hilton
A Windows virus that warns users about illegal net use is spreading online.

The bug-bearing message claims to come from either the FBI, CIA or German BKA police agency. It warns users they have been detected visiting illegal sites.

Those opening a questionnaire attached to the message will be infected by a variant of the well-known Sober virus.

Anti-virus firms have caught millions of copies of the malicious program, suggesting a lot of people have fallen for the fake warning.

Web watch

The Windows virus started circulating on 22 November and mail filtering firm MessageLabs said it caught almost three million copies of the Sober variant in the first 24 hours of the outbreak. By the end of Wednesday Postini said it had netted more than seven million copies of the bug.

The virus travels in an e-mail message with the subject line of "You visit illegal websites" or "Your IP was logged".

SOBER SUBJECT LINES
You visit illegal websites
Your IP was logged
Your_Password
Registration Confirmation
Your Password
Mail delivery failed
smtp mail failed
hi,_ive_a_new_mail_address
Account Information
Ihr Passwort
Mailzustellung wurde unterbrochen
SMTP Mail gescheitert
Ermittlungsverfahren wurde eingeleitet
Sie besitzen Raubkopien
RTL: Wer wird Millionaer
Paris Hilton & Nicole Richie
The body text of the message makes it appear as if the recipient has been caught by the FBI, CIA or BKA browsing 30 illegal sites and asks them to fill in an attached form about this activity.

Anyone clicking on the attached form gets a fake error message while, in the background, the virus starts plundering an infected PC for e-mail addresses to send itself to.

Responding to the outbreak the FBI said: "These e-mails did not come from the FBI."

It added: "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner."

The virus also comes in varieties that purport to hold a video of Paris Hilton, fake password change notices and e-mail error messages. It can only infect those using Windows PCs.

F-Secure said the outbreak was the "biggest of the year" and Symantec said the virus was spreading very fast in the wild. Statistics gathered by Trend Micro suggest that most victims were in North America.

The spread of the virus slowed on Wednesday but anti-virus firms urged users to update their protection and not to click on attachments to unsolicited e-mail messages.

The first Sober virus was found in October 2005 and there have been 25 variants released since then. This latest variant checks to see if a machine has been infected by earlier versions and tries to shut them down so it can do its work.


SEE ALSO:
Mercy shown over hacker sentence
04 Nov 05 |  England
Worm affects AOL instant messages
01 Nov 05 |  Technology
Virus creators target their work
15 Nov 05 |  Technology
UK in grip of hi-tech crime wave
17 Jun 05 |  Business
Boom times for hi-tech fraudsters
28 Sep 05 |  Technology
Teen cleared over e-mail salvo
03 Nov 05 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific