FBI: We’re Not Infecting You

The FBI issued a statement Tuesday saying it is not behind a worm-infected e-mail that’s finding its way into inboxes.

Paul Bresson, an FBI spokesman, said the agency first heard of the e-mails
purportedly coming from its servers over the weekend and is looking for the
worm’s author.

“We are aggressively looking into it [and] we have a cyber squad that’s
devoted to this investigation,” he said. “Sometimes these kinds of cases
take some time and sometimes they don’t require as much, but we’ll have to
see.”

The culprit, according to e-mail security sites Symantec
and F-Secure, could be a new strain of the Sober.K worm, which spoofs the domain addresses of a number of e-mail servers.

The e-mails bear the subject line “You visit illegal websites.” The body of
the message states that the user’s IP address has been found on more than 40
illegal Web sites and tells the user to contact M. John Stellford of the FBI.

Written in Visual Basic, the 58KB worm creates new registry entries and
data files to store the user’s e-mail addresses and a copy of the worm. It then checks for a network connection and sends an e-mail, along with a copy of
the worm, to the harvested addresses using its own SMTP engine.

Besides messages that supposedly originate from the FBI, the worm creates
messages in German and English. These include claims of having Paris Hilton videos; a warning by Microsoft of a new variant of the Sober
virus; an e-mail delivery-failure notice; and a statement that the user
has made a payment and should click on the attachment for more information.

Besides a number of @fbi.gov e-mail aliases, the worm forges e-mail headers
from [email protected] and hostmaster, webmaster and postmaster.

According to security experts, the worm is limited to the Windows platform and installs itself after a user clicks on the attachment.
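
One way a mail administrator could triage inbound messages for the traits described above (the subject line, the forged @fbi.gov and role-account senders, and the attachment the user has to open), as an added example that is not taken from the FBI statement or the Symantec and F-Secure advisories. The verdict policy, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the article text.
SUBJECT = "you visit illegal websites"
SPOOFED_DOMAIN = "fbi.gov"
ROLE_SENDERS = {"hostmaster", "webmaster", "postmaster"}

def indicators(raw):
    """Return the set of article-described indicators present in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    addr = parseaddr(str(msg.get("From", "")))[1].lower()
    local, _, domain = addr.rpartition("@")
    hits = set()
    if SUBJECT in str(msg.get("Subject", "")).lower():
        hits.add("subject")
    if domain == SPOOFED_DOMAIN or domain.endswith("." + SPOOFED_DOMAIN):
        hits.add("from-fbi.gov")
    if local in ROLE_SENDERS:
        hits.add("role-sender")
    if any(True for _ in msg.iter_attachments()):
        hits.add("attachment")
    return hits

def verdict(raw):
    """Assumed policy: the worm needs its attachment opened, so weight that."""
    hits = indicators(raw)
    strong = hits & {"subject", "from-fbi.gov"}
    if "attachment" in hits and strong:
        return "quarantine"
    # Role accounts also send legitimate mail, so they only earn a manual look.
    if strong or ("attachment" in hits and "role-sender" in hits):
        return "review"
    return "pass"

def sample(sender, subject, attachment=None):
    """Build a constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"inert bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(verdict(sample("alias@fbi.gov", "You visit illegal websites", "attachment.zip")))
    print(verdict(sample("postmaster@example.org", "Mail delivery failed", "attachment.zip")))
    print(verdict(sample("colleague@example.com", "Meeting notes", "notes.pdf")))
```

Header matching alone cannot tell a forged sender from a real one, so the "review" tier exists to keep legitimate postmaster bounces out of automatic quarantine.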

Symantec first discovered the Sober.K worm Sunday and F-Secure stated the
worm was seeded in e-mails on Monday, according to advisories published by
the two organizations.

Symantec’s advisory includes removal instructions for users with infected
systems who are using their antivirus programs.

“Opening e-mail attachments from an unknown sender is a risky and dangerous
endeavor; as such attachments frequently contain viruses that can infect the
recipient’s computer,” the FBI statement reads. “The FBI strongly
encourages computer users not to open such attachments.”

FBI officials in their statement said the agency does not engage in the
practice of sending unsolicited e-mails and users should take precautions
when reading their e-mail.

The FBI is encouraging users to report any e-mails such as the one described
to the Internet Crime Complaint Center (ICCC). The complaint form can be
found here.
