Fake CIA, FBI E-Mails Power Sober Worm
Several new versions of the "Sober" e-mail worm have been mass-spammed to millions of e-mail boxes of the last 72 hours, posing as messages from the FBI and the CIA warning recipients that their Internet address has been implicated in illegal activity online.
The messages obviously were not sent by either agency, but any recipient who clicks on the attachment carried in the e-mail may indeed soon find their computers involved a variety of illegal activities at the hands of the virus authors. Both the CIA and the FBI have posted warnings about this latest worm on their Web sites.
FBI spokesperson Cathy Milhoan said the agency has been swamped with calls from people who received the e-mails because the message includes the actual phone number for the FBI headquarters in Washington. She said FBI operators have had their hands full routing calls and complaints to its Internet Crime Complaint Center in West Virginia, which received more than 4,000 complaints about the worm on Monday alone. The ICC typically receives 18,000 complaints each month.
Finnish anti-virus firm F-Secure calls the latest Sober outbreak the largest e-mail worm epidemic so far this year. UK-based e-mail security company MessageLabs said it has intercepted more than 2.7 million copies of Sober and its variants, noting that "the size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months."
The criminals behind the Sober family of worms usually release several variants of the worm at once, each one altered slightly to evade detection by anti-virus software; security firms often take several hours to push out new virus definitions that their software uses to spot the worm.
The Sober worm uses its own e-mail engine to blast copies of itself out to all of the addresses found on an infected computer. Sober kills a long list of security applications that may be running, including anti-virus and firewall software, and prevents the victim from visiting a long list of security-related Web sites. Finally, it opens a backdoor on the infected machine, allowing attackers to upload whatever software they want.
As usual, be extremely cautious about clicking on links and opening e-mail attachments, even if they appear to come from someone you know. As Sober illustrates, you cannot always depend on scanning an attachment with anti-virus software to be sure it is safe to open. If you have any doubts about the integrity of an attachment or weren't expecting it, contact the person who sent it.
SOBER Worm using FBI & CIA 
Linear Mode
