Interesting Spam / Virus
I just got the following interesting email. It actually contained W32/Sober-gen, some kind of malware which Cornell removed for me, but the copy reads as follows:
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time
I’ve never seen a spam ploy that depends on making you feel guilty to get you to run some binary of theirs. This is true innovation!
This entry was posted on Monday, November 21st, 2005 at 5:41 pm.

on November 21st, 2005 at 8:40 pm
Spammers have come to this point. How sad.
on November 30th, 2005 at 5:05 pm
I just received the same email and about 10 other emails that were from odd addresses. They all had the Sober malware attachment. Does anybody know how to stop this? Is it even a threat to my system?
on December 5th, 2005 at 7:29 am
I got the same mail today, contacted the CIA and FBI and sent this e-mail to them.
on December 5th, 2005 at 9:53 am
I’m glad I did a Google search & found this was just a scam. I figured something was up as I received 2 emails from Steven Allison - one said he was with the CIA & the other said he was with the FBI. Thanks for your input & info.
on December 5th, 2005 at 10:12 am
Sorry, but don’t you guys actually look at the email before opening attachments?
It claims to be from the CIA/FBI but the email address of the email reports that it comes from anywhere but the CIA/FBI. And ask yourself how many times the FBI have sent notification of any offence via email, instead of kicking down the door at four in the morning? I’m still laughing at the idea.
Ok your AV software should keep this stuff out, but that’s no excuse for actually trying to get a virus. Go have a read of www.vmyths.com and learn how to spot these things before you get infected.
on December 5th, 2005 at 11:38 am
I just received this email from Steven Allison today, Dec 5, 2005.
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
on December 5th, 2005 at 12:31 pm
I got it too.
What a loser.
on December 5th, 2005 at 1:12 pm
I just loved the grammar mistakes found in the body of this E-Mail. I couldn’t stop laughing at the stupidity of the whole thing to begin with, but that was just one more laugh.
on December 5th, 2005 at 2:25 pm
I had to laugh at this one. Other than using this IP for my work and going into Ebay once in a while, I have never accessed another website, so how can I be logged onto 30 different illegal websites.
on December 5th, 2005 at 4:52 pm
I must be a piker. Steven tells me I’ve visited only *27* illegal websites.
I really need to surf more.
on December 5th, 2005 at 5:23 pm
I too just got the same e mail. I sure am glad I did some checking on this because it sure was tempting to open!
thanks!
on December 5th, 2005 at 7:00 pm
I also got this email, the guy is a scumbag and hopefully he gets caught and gets his balls kicked up his back, I would luv to spend a couple of minutes with him
on December 6th, 2005 at 5:33 am
Steve from the CIA/FBI has also been in touch with me (although I’ve only managed 28 sites), which is peculiar as I am a British Citizen who lives in the UK, and therefore not under the jurisdiction of either body. Beside what crime fighty force would drop you an email to let you know you’ve been breaking the law!? Next I’ll be receiving an invitation to extradite myself in the post!
on December 6th, 2005 at 6:00 am
Yes, I also received this fake and stupid
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
@mail like this one
on December 6th, 2005 at 6:28 am
I’m not a geek. Just a talented amateur. Since the phone numbers are real, could this be a telephone denial of service attack? (ie. How many uninformed users will try to call cia/fbi?)
on December 6th, 2005 at 8:27 am
I just got this as well and was struck by the stupidity of this one. Above and beyond the fact that the format matches many of the e-mail virii that are out now, aren’t they technically impersonating a federal officer? I’m pretty sure that’s illegal. The addresses and phone numbers are sucked off the agency websites’ contact pages…I’ll be contacting them to report this. I’ll also be providing them with full header information to help them trace this back to the source.
www.cia.gov
www.fbi.gov
on December 6th, 2005 at 8:39 am
I got the same email. The headers show it originated from Italy.
Received: from unknown (HELO ANTONIOLI) ([81.88.231.137])
06 Dec 2005 06:38:23 -0500
Looked up 81.88.231.137 and it is an Italian ISP.
on December 6th, 2005 at 12:32 pm
Hi, I’ve just received this mail twice in a few days, I’m Italian therefore not subdued to the justice of FBI and CIA and my only surfing in this PC is just about Real Madrid’s goal keeper and supporting him is not at all a crime!!!!
But this mail was pretty funny, the previous time I received an attempt to attack my PC they told me I was the next of kin of a dead millionaire….
They have such a fantasy
God bless you all
on December 6th, 2005 at 11:57 pm
You guys are lucky to be getting this annoying email only 2 or 3 times. Since end November I have been receiving this same mail dozens of times a day at my business email address. Hitting the delete key is starting to give me carpal tunnel syndrome! Coincidentally, at about the same time I also started to get deluged with the same Spam email (virus attachment?) with the subject heading “Paris_Hilton_&_Nicole_Richie” or something similar. Are the two viruses related? It seems odd that I would start getting buried in both beginning at roughly the same time. A lot of people out there must be infected by now.
For God’s sake, please don’t open attachments and stop the spread of these things!
on December 7th, 2005 at 6:31 am
I just received it. I suppose that why are they doing that. What will they have. Thanks to Google…
on December 7th, 2005 at 12:51 pm
Hi,
I live in Germany and have received the same mail. The CIA and FBI should kick this ******* in the ***.
God bless you all
on December 8th, 2005 at 4:45 am
How about this? When I got home last night from work, my wife had printed out this email and left it on my desk waiting for me! Can’t wait to show her this trail of emails - thanks!
on December 8th, 2005 at 5:53 am
I received the same mail today, 8.12. It was from
department@fbi.com
on December 8th, 2005 at 9:20 am
Even The Netherlands are receiving this shitload in the mailbox.
on December 8th, 2005 at 9:27 am
By the way… someone opened the attachment? I don’t know what’s in it. But I’m really curious
on December 8th, 2005 at 12:08 pm
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
Department@fbi.gov Thu 12/8/05 1:14 AM
This ‘Steven Allison’ sent me threatening emails… telling me that my IP has been logged on illegal sites. I seriously hope the FBI catch this rogue person or persons and put them away from the society.
on December 8th, 2005 at 2:41 pm
I’ve gotten both versions of the emails (fbi and cia) at both my domain emails (not at hotmail, only my domain ones) like 4 times today! (along with strange ‘your user information’ ones and ‘Paris_Hilton_and_Nicole_Richie’ ones… it’s quite annoying)
on December 9th, 2005 at 2:17 am
Hi, I’m a Chinese and I received the same email in Beijing today. It’s from Mail@fbi.gov to IDH6OL00.UY9@yahoo.com
I searched the guy’s name and then I see what you guys wrote. But what if someone takes this seriously?
I guess there must be some terrible virus within the attachment although I didn’t open it.
on December 9th, 2005 at 12:36 pm
Mine didn’t even have an attachment and it was from
kjahne@disabledparentsnetwork.com.
on December 13th, 2005 at 2:02 pm
We have received this message 100 times from post@cia.gov! If you know of a way to stop this please let me know. It is getting very annoying!
on December 13th, 2005 at 2:19 pm
I don’t think it’s a virus - I think someone is trying to jam the cia/fbi phones. and it’s working — if you call the phone number it really is the cia and they have a recording saying it’s a hoax.
on December 14th, 2005 at 11:07 am
Yes, it’s a virus (W32/Sober@MM!M681).
You can read all about it at:
us.mcafee.com/virusInfo/default.asp?id=description&virus_k=137072
Don’t bother tracing the IP addresses back–they’ll only lead you to an idiot who Un-zipped the attachment and ran the enclosed EXE. (Running it will produce what seems to be an error message, but means that you’ve just infected your system and are now sending out bogus e-mails.)
The CIA/FBI mail is just one of several e-mails that are generated (others include the Paris Hilton variation).
Sadly, there are people stupid enough to run the attachment. Somebody at one of my clients did so, and now I’m getting 3 to 5 virus-laden e-mails a day from them.
There’s not really any way to stop the messages. Your spam filters should learn to detect them. Make sure your anti-virus software is up-to-date (this one was released Nov 22, 2005).
And never, ever, open an attachment in an e-mail.
FrostedDonut
on December 16th, 2005 at 9:32 pm
[…] I blogged before about a CIA related spam carrying a virus payload, and now I got another one, almost stranger than the first: [… a list of keywords, redacted] […]
on December 17th, 2005 at 10:38 am
I got this E-mail, and it listed the CIA’s Public affairs phone: (703) 482-0623, instead of opening the attachment, I called the number, and it is real, but the recording does state that if you got an E-mail from Steven Allison, to delete it.
That was funny!
on December 20th, 2005 at 10:08 am
I almost blamed the person staying with me for using my computer for illegal stuff! Then I did a search on this guy, and luckily found this site. Thanks for all your input!
on December 20th, 2005 at 12:07 pm
I got the mail too, when in France, and therefore I did my own research -this time not in dirty pics websites- that’s what our beloved CIA has to say and it’s published in their web, as follows:
If you’ve submitted an on-line resume at CIA.gov between December 7th and December 9th, 2005, we ask that you please submit it again.
If you receive unsolicited e-mail appearing to be from the CIA, like the recent e-mail falsely attributed to our public affairs office, the message is fake. The CIA never sends unsolicited e-mail to the public. If you are not expecting an e-mail from us, delete it. Do not open any attachment; it may contain malicious code that could damage your computer or mail itself to people in your e-mail address book.
on December 21st, 2005 at 11:26 am
I got the email, and was first very careful with what I wrote in the reply. But before I pushed the send button I tried to open the zip, and then my respect suddenly disappeared. Even if the sender is president of USA he cannot place a worm on my computer and afterwards ask questions. It was detected by ClamWin.
on December 22nd, 2005 at 7:06 pm
Dear sir, my name is Frank, live in United Kingdom. I will like to tell you some people that do illegal work in London city. I will be very happy if you can try to contact me. olaitex@yahoo.com
on December 28th, 2005 at 3:20 pm
i just got this email too….
I AM SO SICK OF HAVING TO DEAL WITH **** LIKE THIS…WHY DONT THEY JUST LEAVE US ALONE. DAMN.
on December 29th, 2005 at 10:59 am
Me too got mail. I live in Korea.
What the f**k situation.
———–
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
question_list.zip
1K Download
on December 30th, 2005 at 2:30 pm
hi,
i’ve got an e-mail similar like yours…
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
what is this???
on January 2nd, 2006 at 12:44 am
I bought a new 2 way TEXT PAGER. Right out of the box I had the FBI 30 site e-mail and have received three more in less than a week. But I can’t open the list of questions
on January 2nd, 2006 at 3:37 am
We will find all of you and hunt you down for visiting illegal websites.
You are on the list!
Call me if you want me to remove you, phone: (703) 482-0623
Steven Allison
CIA
on January 3rd, 2006 at 8:30 pm
I just got the CIA email that said my IP was logged. People must not have anything better to do now! The attachment was: question_list.zip