Author Topic: Suspicious F.B.I. e-mail (Read 6120 times)

ironchefsteve · « **on:** November 23, 2005, 03:49:44 AM »

Hi there. I just opened up outlook express and found an e-mail from supposedly
the F.B.I. saying that my IP address has been listed on more than 30 illegal
websites. It then goes on to demand that I answer a series of questions from
them, and it is included in an attachment. The attachment is zipped and titled
"question_list.zip". After unzipping it, I found that the "list" was an executable file
named "File-packed_dataInfo". The file is 55,390 bytes in size. The most interesting
thing about this is that the e-mail is addressed to poised@peoplepc.com, yet sent to
my e-mail account. I hesitate to open it because I've been burned before from viruses.

A few Questions:

1 - Has anyone recieved this kind of e-mail recently, and is it bogus?

2 - Is this attachment a virus of some sort?

If anyone can help me with this, I would be most grateful, as I resent being sent
any e-mails like this accusing me of such crap.

<<<E-mail is as follows>>>
+-------------------------------+

From: <Admin@fbi.gov>
To: <poised@peoplepc.com>
Subject: You visit illegal websites
Date: Tuesday, November 22, 2005 8:40 AM

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison

*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000

compmanio36 · « **Reply #1 on:** November 23, 2005, 04:23:27 AM »

Very bogus. It is infected with the latest version of the Sober worm. Someone else who is infected with the virus is being used to send these emails through their computer by the virus. That's how a worm works to spread itself. I just got about 30-40 of these emails in my Hotmail inbox.

I think if the FBI really had a problem with you, they would send a signed, registered letter or a give you a phone call.

Have you scanned it with Avast? Does it come up with a warning, and if so, what does it say it is infected with? I'm not sure Avast has detection for this variant yet.....whatever you do, don't open the zip. Just use the right-click context menu scan. If nothing comes up, the latest VPS can't detect the virus yet. Just delete it and hopefully the next VPS update will have the detections for this nasty.

Spiritsongs · « **Reply #2 on:** November 23, 2005, 08:51:54 AM »

On Monday Nov 21, one of the national TV stations had
a news report of this and an interview with a FBI spokes-
person who said this is NOT from them and do not open it.
The FBI person said they do NOT send unsolicited emails
to people .

RejZoR · « **Reply #3 on:** November 23, 2005, 11:55:12 AM »

First of all its not sent spicifically to you, second they can't track your IP (most probably you use dynamic IP and third they can't get email adress from IP

It's a scam that spreads Sober worm. Just delete it.

DavidR · « **Reply #4 on:** November 23, 2005, 03:19:54 PM »

The F.B.I don't send emails, they kick your door in

polonus · « **Reply #5 on:** November 23, 2005, 08:55:49 PM »

Hi DavidR,

Probably not, first the FBI would come and warn you against these e-mails, as would the CIA and the Bundeskriminalambt of Germany,who also are named in these cleverly socially engineered virus-mails trying to send Sober to your inbox. The best thing you can do is delete it at the server, for instance with Mailwasher. And nobody is allowed to kick in your door without giving you due notice.

regards,

polonus

DavidR · « **Reply #6 on:** November 23, 2005, 09:05:22 PM »

I guess you missed the smiley at the end of my post

it was a joke, British dry humour.

polonus · « **Reply #7 on:** November 24, 2005, 11:17:25 AM »

Hi DavidR,

Off course I know that. Responding to UK dry humours is enhancing the effects of it.

greets,

polonus

Starfighter · « **Reply #8 on:** November 25, 2005, 04:56:42 AM »

Ooops, I just replied to this subject matter, but I accidentally put it into a new thread by mistake, and I don't know how to move it back into this thread... but my post is now here:

http://forum.avast.com/index.php?topic=17644.0

polonus · « **Reply #9 on:** November 25, 2005, 09:56:25 AM »

Howdy Starfighter,

That is not your job. You can ask the moderator(s) to do that for you. And they will. The same as you go answering in stickies that are mainly informational, they open a new thread for you if you ask them to do so.

Things are getting serious for you when you get mail from the F.B.I. moderators, hi hi. Oh but now I am putting ideas into the head of the social engineer.

polonus

ironchefsteve · « **Reply #10 on:** November 26, 2005, 12:03:15 AM »

So... this new worm is called Sober X. Has Avast! found a way to counter it yet?

polonus · « **Reply #11 on:** November 26, 2005, 01:04:11 AM »

Hi ironchefsteve,

Anyways from this site:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html?Open
you can download the removal tool.

greets,

polonus

Author Topic: Suspicious F.B.I. e-mail (Read 6120 times)

ironchefsteve

Suspicious F.B.I. e-mail

compmanio36

Re: Suspicious F.B.I. e-mail

Spiritsongs

Re: Suspicious F.B.I. e-mail

RejZoR

Re: Suspicious F.B.I. e-mail

DavidR

Re: Suspicious F.B.I. e-mail

polonus

Re: Suspicious F.B.I. e-mail

DavidR

Re: Suspicious F.B.I. e-mail

polonus

Re: Suspicious F.B.I. e-mail

Starfighter

Re: Suspicious F.B.I. e-mail

polonus

Re: Suspicious F.B.I. e-mail

ironchefsteve

Re: Suspicious F.B.I. e-mail

polonus

Re: Suspicious F.B.I. e-mail