New virus being distributed in fake FBI e-mail
The agency learned of the fraudulent e-mail over the weekend
February 23, 2005 12:00 PM ETComputerworld -
A fake e-mail that purports to be from the FBI is circulating on the Internet with a computer virus as its payload.
In an announcement yesterday, the FBI warned that the fake unsolicited e-mail tells users that "their Internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have accessed illegal Web sites."
The bogus message then asks recipients to click on an attachment and answer some questions about their alleged illegal Internet use. But rather than being a questionnaire, the attachment contains a virus that infects the recipient's computer, according to the agency. It wasn't immediately clear what the virus does once it has infected a computer.
Paul Bresson, an FBI spokesman, today said that the agency discovered the fake e-mail over the weekend after several recipients of the messages notified the FBI. Bresson said he didn't know exactly how many complaints were received.
The latest scam appears to be the first time a virus has been distributed through an e-mail allegedly from the FBI, he said. A previous scheme involved e-mails that lured recipients to a fake Web site that looked like the FBI's official site, then asked recipients to enter their credit card number and personal information to determine if their card was one that recently had been stolen.
The latest message has multiple misspellings and is written in broken English, Bresson said. "The wording is very poor, which helps us," he said. "We're hoping that that flags people that this is not legitimate."
The message warns recipients that their Internet use continues to be watched and that the alleged illegal activity should be halted. "If there will be anover [sic] attemption [sic] you will be busted," the message states.
Bresson didn't know whether any victims of the scam have provided their credit card numbers or other information.
The FBI said that it never sends official unsolicited e-mails to citizens for any reason and that any messages purporting to be from the agency should be ignored. Recipients can also report them to the FBI's Internet Crime Complaint Center.
Pete Lindstrom, a security analyst at Spire Security LLC in Malvern, Pa., said fake e-mail messages will continue to be a problem until tighter standards for sending e-mails are adopted by senders and recipients. "The way we use e-mail today, anyone can impersonate anyone else," he said.
To stop that, users need to consider using trust certificates for all mail, so recipients know that an incoming message is from a trusted sender.
"Folks aregoing to have to rethink how easy this is [to send and receive mail today], which made it very functional in the past," Lindstrom said, noting that the technical know-how to make mail more secure is already here.
"It becomes more of a question of willingness to do it," he said.
Additional Resources


White Papers & Webcasts
An All-in-One Approach to Web Security
Granting web access to employees poses challenges to IT administrators and introduces unique security risks. Even as companies have perfected their security techniques...
Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....
The Hidden Dangers of Spam
Beyond the well-understood productivity drain that spam inflicts on businesses, threats posed by illicit email circulating through a network are causing many security...
The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....
Case Study: The Ritz London
Discover how the superior capabilities of Webroot E-mail Security SaaS allows user to focus on their principal tasks instead of wasting their time...
SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....
Case Study: Richmond Ambulance Authority (RAA)
In this case study, find out how Webroot Web Security SaaS delivers the proactive web security RAA needs....
Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...
Can Heuristic Technology Help Your Company Fight Viruses?
(Source: MessageLabs - now part of Symantec) In the face of today's increasingly sophisticated malware, using multiple layers of email and web protection...
Agile Enterprise Content Management (ECM) for Rapid ROI
Find out how combining ECM and BPM will help adress issues about content rich business processes....
Subscribe to Computerworld
