World Of Warcraft: New Sober Virus That Spoofs FBI and CIA

Over 2.7-million copies of a new Sober virus, many of which are being spoofed to appear as though they are sent from the FBI or the CIA. The first copy was stopped at 19:00 GMT on 21st November. The size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months.

These emails suggest to recipients that their Internet use has been monitored by the FBI or CIA and that they have accessed illegal Web sites. The email directs users to open the ZIP attachment containing the executable, which once opened delivers the Sober virus payload. It then spreads by searching the infected computer for other email addresses to send copies of itself to, but ignoring any domains for certain security organizations.

The virus will send emails in German for domains ending .DE or .AT and a few others, with the remainder being sent in English. It seems that despite warnings, many recipients are still opening the emails allowing the virus to spread still further.

Email characteristics:

From: mail@fbi.gov,
post@fib.gov,
admin@fbi.gov

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:

Please answer our questions!

The list of questions are attached.

Yours faithfully,

++++ Central Intelligence Agency -CIA-

++++ Office of Public Affairs

++++ Washington, D.C. 20505

++++ phone: (703) 482-0623

++++ 7:00 a.m. to 5:00 p.m., US Eastern time

Attachment:

question_list.zip

list.zip

Size: </span>

54.2 KB (55,536 bytes)