
Fake CIA, FBI E-Mails Power Sober Worm

Several new versions of the "Sober" e-mail worm have been mass-spammed to millions of e-mail boxes over the last 72 hours, posing as messages from the FBI and the CIA warning recipients that their Internet address has been implicated in illegal activity online.

The messages obviously were not sent by either agency, but any recipient who clicks on the attachment carried in the e-mail may indeed soon find their computer involved in a variety of illegal activities at the hands of the virus authors. Both the CIA and the FBI have posted warnings about this latest worm on their Web sites.

FBI spokesperson Cathy Milhoan said the agency has been swamped with calls from people who received the e-mails because the message includes the actual phone number for the FBI headquarters in Washington. She said FBI operators have had their hands full routing calls and complaints to its Internet Crime Complaint Center in West Virginia, which received more than 4,000 complaints about the worm on Monday alone. The ICC typically receives 18,000 complaints each month.

Finnish anti-virus firm F-Secure calls the latest Sober outbreak the largest e-mail worm epidemic so far this year. UK-based e-mail security company MessageLabs said it has intercepted more than 2.7 million copies of Sober and its variants, noting that "the size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months."

The criminals behind the Sober family of worms usually release several variants of the worm at once, each one altered slightly to evade detection by anti-virus software; security firms often take several hours to push out new virus definitions that their software uses to spot the worm.

The Sober worm uses its own e-mail engine to blast copies of itself out to all of the addresses found on an infected computer. Sober kills a long list of security applications that may be running, including anti-virus and firewall software, and prevents the victim from visiting a long list of security-related Web sites. Finally, it opens a backdoor on the infected machine, allowing attackers to upload whatever software they want.

As usual, be extremely cautious about clicking on links and opening e-mail attachments, even if they appear to come from someone you know. As Sober illustrates, you cannot always depend on scanning an attachment with anti-virus software to be sure it is safe to open. If you have any doubts about the integrity of an attachment or weren't expecting it, contact the person who sent it.
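The two warning signs the article describes, a message that claims to come from the FBI or CIA and carries an executable attachment, and signature-based anti-virus that lags behind each new variant, can be turned into a simple mailbox triage check. The following is an added example written for this page, not code from the article or from any anti-virus vendor; the sender domains, attachment extensions and the three sample messages are constructed for illustration. It compares the claimed From domain against the envelope sender and flags executable attachments on agency-themed mail:

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed domains of the agencies the lure impersonates (the article names the FBI and the CIA).
IMPERSONATED_DOMAINS = {"fbi.gov", "cia.gov"}
# Attachment extensions that a Windows host will execute or unpack when opened.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".zip"}
AGENCY_WORDS = re.compile(r"\b(fbi|cia)\b", re.IGNORECASE)


def triage_message(raw: bytes) -> dict:
    """Return a verdict for one RFC 822 message: quarantine flag, reasons, executable attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display_name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    # The lure either uses an agency domain outright or leans on the agency name in the header text.
    claims_agency = from_domain in IMPERSONATED_DOMAINS or bool(
        AGENCY_WORDS.search(display_name + " " + subject)
    )
    # A forged From header seldom matches the path the message actually travelled.
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]
    rp_domain = return_path.rpartition("@")[2].lower()
    sender_mismatch = bool(rp_domain) and rp_domain != from_domain

    exec_attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTENSIONS:
            exec_attachments.append(name)

    reasons = []
    if claims_agency and exec_attachments:
        reasons.append("agency-themed message carries an executable attachment")
    if claims_agency and sender_mismatch:
        reasons.append(f"From domain {from_domain!r} differs from envelope sender domain {rp_domain!r}")
    return {"quarantine": bool(reasons), "reasons": reasons, "attachments": exec_attachments}


def build_sample(from_hdr: str, return_path: str, subject: str, body: str, attachment=None) -> bytes:
    """Construct a sample message so the check can run offline (constructed data, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "recipient@example.net"
    m["Subject"] = subject
    if return_path:
        m["Return-Path"] = return_path
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


# Constructed samples: an agency-themed lure with a zip attachment and a mismatched envelope sender,
# an ordinary personal note, and a plain agency message whose envelope sender matches its From header.
SAMPLE_LURE = build_sample(
    "FBI Investigation <mail@fbi.gov>", "bounce@example-isp.invalid",
    "Your IP address was logged", "See attached document.", ("documents.zip", b"PK\x03\x04constructed"),
)
SAMPLE_BENIGN = build_sample("Alice <alice@example.org>", "alice@example.org", "Lunch tomorrow?", "Noon?")
SAMPLE_AGENCY_PLAIN = build_sample("Press Office <press@fbi.gov>", "press@fbi.gov", "Press release", "Text only.")

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN), ("agency-plain", SAMPLE_AGENCY_PLAIN)):
        print(label, triage_message(raw))
```

The check is a triage aid rather than proof of infection: it fires only when the agency theme combines with an executable attachment or a sender mismatch, so a genuine text-only message from an agency domain passes, while a message with a forged agency header and a zipped executable is held regardless of whether a signature for the current variant exists yet.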

By Brian Krebs  |  November 23, 2005; 10:22 AM ET
Categories:  Latest Warnings  

Comments

Wow! Very useful alert. Well, this can't be the biggest ever release as touted by the reports.

Bye
:-)

Posted by: ishaan prasad | November 23, 2005 11:37 AM | Report abuse

I have received 37 infected emails in the last 24 hours and more continue to arrive.

What sickness infects these people who do this kind of thing?

Posted by: Tony L - Montreal | November 23, 2005 12:20 PM | Report abuse

Some people are insane (blowing themselves up so they can get a few more virgins--still haven't met one on earth), and some people are just jerks. They don't have a voice because nobody will listen because they ARE nuts, so they perpetuate their upset behaviour by making viruses/worms so they can sit in the dark and giggle? Losers (capital 'L').

Posted by: American | November 23, 2005 12:27 PM | Report abuse

let me guess...for windose!!
guess i'll be working overtime!!

C's

Posted by: mo-money | November 23, 2005 12:30 PM | Report abuse

I'm glad I'm running Ubuntu distribution of Linux :) I highly recommend installing it, it installs and runs like windoz, has open office (word equivalent, excel equivalent, access equivalent, etc). It's secure, and doesn't get attacked by viruses and worms!

Posted by: Jenya | November 23, 2005 1:02 PM | Report abuse

These aren't merely jerks or anti-social people developing and releasing these worms. These are criminals who are doing it for illicit gain.

And they are able to operate in this manner, to take over YOUR computer, because of windows basic insecurity. I've had enough. I'm switching to Mac. It might be a little more expensive, but I am sick of all the down time I have with Windows. My time is valuable.

Posted by: Tony Fingerelbo | November 23, 2005 1:12 PM | Report abuse

Nice try suckers! Better luck next time...

Posted by: TheRuiner | November 23, 2005 1:35 PM | Report abuse

Tony Fingerelbo, windows isn't as much of a security issue as some of the dumb people that use it. I received the message but never opened the attachment. If people who use windows weren't so stupid, they could be skeptics first and delete this sort of thing instead of opening the wrong window (no pun intended) and spreading it to the rest of the world. :)

Posted by: My computer has worms | November 23, 2005 1:41 PM | Report abuse

Hey Tony. You already own a Mac you liar! I know you! You're trying to convert people by dissenting windows. Go to the religious blogs dork.

Posted by: Tony owns a Mac | November 23, 2005 1:43 PM | Report abuse

Tony owns a Mac? LMAO!

Posted by: Jimmer - Las Vegas | November 23, 2005 1:50 PM | Report abuse

Installing and using a Linux based operating system is one of the easiest ways to avoid this kind of problem. I personally recommend SuSE, because it can be installed over the Internet. That means you don't even need installation DVDs to get a modern, full featured PC operating system that is immune from 99% of current viruses. Of course once enough users figure this out, the criminal element will shift their attention to Linux. When that happens, the open source software community will respond instantly with creative fixes and make a great operating system even better. Oh, and did I mention that Linux is free?

Posted by: Charly Q | November 23, 2005 2:00 PM | Report abuse

Don't you have to be dumber than a box of hammers to open one of these things, I mean from the FBI or CIA?

Posted by: Eric, Canada | November 23, 2005 2:07 PM | Report abuse

Well, you can download Suse OSS 10 now, but the kernel isn't supported with a variety of software yet, so you're stuck buying version 9.6-10 for at least $56, which is inexpensive, but people need more technological knowledge (e.g. running gcc in a terminal to compile and install a program, etc.), the type of know-how that would prevent people from opening strange emails too, wouldn't it? Free, probably not; inexpensive, sure. :)

Posted by: Linux is free, sort of | November 23, 2005 2:15 PM | Report abuse

Even if the FBI did send you a message demanding answers, why would you respond? Oh, you stick to the speed limit at all times, too.

Posted by: David | November 23, 2005 4:19 PM | Report abuse

"... they ARE nuts, so they perpetuate their upset behaviour by making viruses/worms so they can sit in the dark and giggle? Losers (capital 'L')."

Hmm... why don't you try to write/code... at least a prog that will "kill" all anti-virus and firewall kind of soft running very own shiny windows box... and once you do it - you can call author of Sober.* worms looser :o)

peace,

/L../

Posted by: Anonymous | November 23, 2005 4:30 PM | Report abuse

"... they ARE nuts, so they perpetuate their upset behaviour by making viruses/worms so they can sit in the dark and giggle? Losers (capital 'L')."

Why not first try to write some code that will "kill" all that fine anti-visus/worm and firewall soft on your shinny windows box before calling author of Sober.* loosers :o)

peace,

/L/

Posted by: S0beer | November 23, 2005 4:38 PM | Report abuse

hey /L/
learn to s-p-e-l-l

Posted by: Prevention deters detection | November 23, 2005 5:20 PM | Report abuse

"... they ARE nuts, so they perpetuate their upset behaviour by making viruses/worms so they can sit in the dark and giggle? Losers (capital 'L')."

Why not first try to write some code that will "kill" all that fine anti-visus/worm and firewall soft on your shinny windows box before calling author of Sober.* loosers :o)

Posted by: "Looser" | November 23, 2005 5:28 PM | Report abuse

Posted by: Losers | November 23, 2005 6:15 PM | Report abuse

What's particularly worrisome about this virus is that it uses good spelling! The virus writer, unlike most of his predecessors, actually knows English grammar and punctuation. Poorly written text was a major flaw of many past email worms.

Posted by: William | November 23, 2005 6:17 PM | Report abuse

Do you smell that? Smells like, like, sarcasm?

Posted by: SmellingBee | November 23, 2005 8:44 PM | Report abuse

My computer has worms wrote:
>>I received the message but never opened the attachment. If people who use windows weren't so stupid, they could be skeptics first and delete this sort of thing

Sometimes all they need is a bit of a reminder + technical fix for Windows:
http://www.horizondatasys.com/product_page.html?page_id=4

Posted by: Mark Odell | November 26, 2005 4:48 PM | Report abuse

So,which company has the fix for this new bug?

Posted by: Jim S-NY | November 28, 2005 7:04 PM | Report abuse

Posted by: Mark Odell | November 30, 2005 12:04 AM | Report abuse

Actually i actually get to see viruses and all that stuff in my emails that i download... AND the anti viruses, anti spam, anti adwares etc never see it...
USING this nice thing called MAGIC MAIL MONITOR [freeware] you see all your emails as ascii text and any binaries as some sort of BINHEX, UUE, UUX, BASE64, etc [same things that are on newsgroups to ensure all of their software is in ascii text form and legal in 98% of all countries] and the telling differences for the most part is when you see a ASCII TEXT [HTML is all ascii text] message that is encoded in the
binary formats and starts off with
NAME OF FILE = I Love You.html
CODE NUMBER
--------------0000015889999aaa1122000007
AND then you have this binary encoded message
Mhsdfhufsdfhjff-+-=098765gsdfgseh^%$#@ki
Muiopwethbjcv^%#$#{}:>

Posted by: Jerry K | December 1, 2005 2:07 AM | Report abuse

"error systame " virus name=khemr virus

Posted by: 223 | December 19, 2005 7:58 PM | Report abuse

the Best Virus Scan

Posted by: Hussain Ahmad | July 21, 2006 1:34 AM | Report abuse


© 2010 The Washington Post Company