Fake FBI virus hits computers

A Windows virus that warns users about illegal net use is spreading online. The bug-bearing message claims to come from either the FBI, CIA or German BKA police agency, and warns users they have been detected visiting illegal sites.

Those opening a questionnaire attached to the message will be infected by a variant of the well-known Sober virus.

Anti-virus firms have caught millions of copies of the malicious program, suggesting a lot of people have fallen

for the fake warning.

Web watch

The Windows virus started circulating on 22 November and mail filtering firm MessageLabs said it caught almost three million copies of the Sober variant in the first 24 hours of the outbreak. By the end of Wednesday Postini said it had netted more than seven million copies of the bug.

The virus travels in an e-mail message with the subject line of "You visit illegal websites" or "Your IP was logged".

The body text of the message makes it appear as if the recipient has been caught by the FBI, CIA or BKA browsing 30 illegal sites and asks them to fill in an attached form about this activity.

Anyone clicking on the attached form gets a fake error message while, in the background, the virus starts plundering an infected PC for e-mail addresses to send itself to.

Responding to the outbreak the FBI said: "These e-mails did not come from the FBI."

It added: "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner."

The virus also comes in varieties that purport to hold a video of Paris Hilton, fake password change notices and e-mail error messages. It can only infect those using Windows PCs.

F-Secure said the outbreak was the "biggest of the year" and Symantec said the virus was spreading very fast in the wild. Statistics gathered by Trend Micro suggest that most victims were in North America.

The spread of the virus slowed on Wednesday but anti-virus firms urged users to update their protection and not to click on attachments to unsolicited e-mail messages.

The first Sober virus was found in October 2005 and there have been 25 variants released since then. This latest variant checks to see if a machine has been infected by earlier versions and tries to shut them down so it can do its work, the BBC reports.

V.Y.