From Scambusters.com:

A Developing Trend in Email Viruses
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

We've recently gotten a lot of additional email which points to a file that is supposedly about you. The idea is that because the info in the file is about you, you should open it. If you do, you (inadvertently) spread a virus.

Two recent examples of this are:

--
Subject: Stolen document

I found this document about you.
+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com


--
Subject: Internet Provider Abuse

You have visited illegal websites.
I have a big list of the websites you surfed.


--
Both are examples of the Netsky virus. You can read more about it -- including how to remove it -- at:

==> http://scambusters.org/a/symantec.html

There are two disturbing trends here:

1. The email claims to have info about you that is supposedly important for you to see (thereby increasing the likelihood you'll spread the virus); and

2. Incorrect info that no virus was found in the first message (when, in fact, the attachment is an infected file).

Our recommendations: Be aware that spammers and virus creators are getting more sophisticated. We've talked about this a lot lately in terms of phishing scams -- and you can see this is true for viruses as well. Be VERY careful about opening any attachments, and follow the virus advice we've shared in past issues. Visit:

==> http://www.scambusters.org/anti-virus.html

And from urbanlegends.com:

FBI Warning: You Visit Illegal Websites
Netlore Archive: Beware messages purporting to originate from the FBI (or CIA) that accuse you of visiting illegal Websites. These messages are unauthorized and arrive with an attachment containing a variant of the 'Sober' virus.
Description: Virus-bearing message
Circulating since: Feb. 2005
Status: Malicious file attached
Analysis: See below
Variant #1: Email example contributed by A. Edwards, 22 February 2005:
Dear Sir/Madam,
we have logged your IP-address on more than 40 illegal Websites.
Important: Please answer our questions! The list of questions are attached.
Yours faithfully, M. John Stellford
Federal Bureau of Investigation -FBI- 935 Pennsylvania Avenue, NW, Room 2130 Washington, DC 20535 (202) 324-3000

Variant #2: Email example contributed anonymously, 21 November 2005:
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important: Please answer our questions! The list of questions are attached.
Yours faithfully, Steven Allison
++++ Central Intelligence Agency -CIA- ++++ Office of Public Affairs ++++ Washington, D.C. 20505
++++ phone: (703) 482-0623 ++++ 7:00 a.m. to 5:00 p.m., US Eastern time

from www.intuitive.com
But let's say that you are paranoid, guilty, and afraid that you have somehow violated the law and visited illegal Web sites. Why would you then click on a ZIP archive? If it were a ".doc" Word file, maybe, but a ZIP file?
If you do unpack the ZIP archive, you'll find that there's a file inside called "doc_data-text.txt.pif" which leads to another question: is there ever a legitimate reason to receive a .pif file? In case you're curious, the answer, as far as I can tell, is "no". The PIF extension denotes a Windows Program Information File and even neutral third-party sites describe the format as "Program Information File dates back to the early versions of Windows. Basically, it's an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension." (source).
I usually don't believe that it's the responsibility of the user to avoid spams and scams -- I'd like to see the system solve these problems, the network infrastructure companies and the end-product providers (like Microsoft) -- but in situations like this, the raw stupidity of people who believe that the FBI is sending them a legitimate questionnaire, well, it's just astonishing. A little bit of user education would go a long way to making this sort of scam a footnote, not a news story.
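
The "doc_data-text.txt.pif" name described above is a double extension: a harmless-looking ".txt" followed by the ".pif" that Windows actually acts on. As an added example (not code from any of the sites quoted here), this is one way a mail filter could list a ZIP attachment's contents without extracting anything and flag such names; the two extension lists and the function names are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".cpl"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".rtf", ".xls", ".htm", ".html"}


def classify_name(name):
    """Return 'double-extension', 'executable' or 'ok' for one archive member name."""
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    # Strip padding spaces placed between the decoy and the real extension.
    suffixes = [s.strip() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """List (member name, verdict) for every risky file in a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():  # reads the directory only, extracts nothing
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict != "ok":
                findings.append((info.filename, verdict))
    return findings


def build_sample_zip(names):
    """Constructed test input: a ZIP whose members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["doc_data-text.txt.pif", "readme.txt", "tools/setup.exe"])
    for member, verdict in scan_zip(sample):
        print(f"{verdict:17} {member}")
```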
