1 in 17 emails now infected with Sober virus

Experts at Sophos have warned Internet users of an in-the-wild worm which is pretending to be an email from an FBI or CIA investigator. In the last 48 hours, the worm has accounted for over 81% of all viruses reported to Sophos, making it currently the most prevalent virus spreading across the world.

It has accounted for a staggering 1 in 17 of all emails travelling across the Internet. The FBI is so concerned about the messages that it has issued a warning on its web site.

The W32/Sober-Z worm arrives as an email attachment, and can use a variety of different messages, including the following:

Dear Sir/Madam,

We have logged your IP-address on more than 30 illegal Web sites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI-
935 Pennsylvania Avenue, NW , Room 3220
Washington , DC 20535
Phone: (202) 324-30000

Sometimes the emails claim to come from the same investigator, but at the CIA. Other versions pretend to be video clips from the Nicole Richie and Paris Hilton TV show "The Simple Life", or relate to the German version of the quiz show "Who wants to be a Millionaire".

If the attached file is run, the worm scans the user's hard drive for other email addresses, in its search for other computers to infect.

Graham Cluley, senior technology consultant at Sophos, said,

"This variant of the Sober worm may catch out the unwary as they open their email inbox this morning. Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal web sites and want to click on the unsolicited email attachment. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."

In a statement, the FBI has urged users who receive the viral emails to report them to the Internet Crime Complaint Center at http://www.ic3.gov
