Interesting Spam / Virus
I just got the following interesting email. It actually contained W32/Sober-gen, some kind of malware which Cornell removed for me, but the copy reads as follows:
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time
I’ve never seen a spam ploy that depends on making you feel guilty to get you to run some binary of theirs. This is true innovation!
This entry was posted on Monday, November 21st, 2005 at 5:41 pm.
44 Responses to “Interesting Spam / Virus”
Spammers have come to this point. How sad.
I just received the same email and about 10 other emails that were from odd addresses. They all had the Sober malware attachment. Does anybody know how to stop this? Is it even a threat to my system?
I got the same mail today, contacted the CIA and FBI and sent this e-mail to them.
I’m glad I did a google search & found this was just a scam. I figured something was up as I received 2 emails from Steven Allison – one said he was with the CIA & the other said he was with the FBI. Thanks for your input & info.
Sorry, but don’t you guys actually look at the email before opening attachments?
It claims to be from the CIA/FBI but the email address of the email reports that it comes from anywhere but the CIA/FBI. And ask yourself how many times the FBI have sent notification of any offence via email, instead of kicking down the door at four in the morning? I’m still laughing at the idea.
Ok your AV software should keep this stuff out, but that’s no excuse for actually trying to get a virus. Go have a read of http://www.vmyths.com and learn how to spot these things before you get infected.
I just received this email from Steven Allison today, Dec 5, 2005.
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
I got it too.
What a loser.
I just loved the grammar mistakes found in the body of this E-Mail. I couldn’t stop laughing at the stupidity of the whole thing to begin with, but that was just one more laugh.
I had to laugh at this one. Other than using this IP for my work and going into Ebay once in a while, I have never accessed another website, so how can I be logged onto 30 different illegal websites.
I must be a piker. Steven tells me I’ve visited only *27* illegal websites.
I really need to surf more.
I too just got the same e mail. I sure am glad I did some checking on this because it sure was tempting to open!
thanks!
i also got this email, the guy is a scumbag and hopefully he gets caught and gets his balls kicked up his back, i would luv to spend a couple of minutes with him
Steve from the CIA/FBI has also been in touch with me (although I’ve only managed 28 sites), which is peculiar as I am a British Citizen who lives in the UK, and therefore not under the jurisdiction of either body. Beside what crime fighty force would drop you an email to let you know you’ve been breaking the law!? Next I’ll be receiving an invitation to extradite myself in the post!
yes i also receive this fake and stupid
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000@mail like this one
I’m not a geek. Just a talented amateur. Since the phone numbers are real, could this be a telephone denial of service attack? (ie. How many uninformed users will try to call cia/fbi?)
I just got this as well and was struck by the stupidity of this one. Above and beyond the fact that the format matches many of the e-mail virii that are out now, aren’t they technically impersonating a federal officer? I’m pretty sure that’s illegal. The addresses and phone numbers are sucked off the agency websites’ contact pages… I’ll be contacting them to report this. I’ll also be providing them with full header information to help them trace this back to the source.
http://www.cia.gov
http://www.fbi.gov
I got the same email. The headers show it originated from Italy.
Received: from unknown (HELO ANTONIOLI) ([81.88.231.137])
06 Dec 2005 06:38:23 -0500
Looked up 81.88.231.137 and it is an Italian ISP.
hi, I’ve just received this mail twice in a few days, i’m italian therefore not subdued to the justice of fbi and cia and my only surfing in this pc is just about real madrid’s goal keeper and supporting him is not at all a crime!!!!
But this mail was pretty funny, the previous time I received an attempt to attack my pc they told me I was the next of kin of a dead millionaire….
They have such a fantasy
God bless you all
You guys are lucky to be getting this annoying email only 2 or 3 times. Since end November I have been receiving this same mail dozens of times a day at my business email address. Hitting the delete key is starting to give me carpal tunnel syndrome! Coincidentally, at about the same time I also started to get deluged with the same Spam email (virus attachment?) with the subject heading “Paris_Hilton_&_Nicole_Richie” or something similar. Are the two viruses related? It seems odd that I would start getting buried in both beginning at roughly the same time. A lot of people out there must be infected by now.
For God’s sake, please don’t open attachments and stop the spread of these things!
I just received it. I suppose that why are they doing that. What will they have. Thanks to google…
Hi,
I live in Germany and have the same mail become. The CIA and FBI should kick this ******* in the ***.
God bless you all
How about this? When I got home last night from work, my wife had printed out this email and left it on my desk waiting for me! Can’t wait to show her this trail of emails – thanks!
I received the same mail today, 8.12. It was from
department@fbi.com
Even The Netherlands are receiving this shitload in the mailbox.
By the way… someone opened the attachment? I don’t know what’s in it. But I’m really curious
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
Department@fbi.gov Thu 12/8/05 1:14 AM
This ‘Steven Allison’ sent me threatening emails… telling me that my IP has been logged on illegal sites. I seriously hope the FBI catch this rogue person or persons and put them away from the society.
I’ve gotten both versions of the emails (fbi and cia) at both my domain emails (not at hotmail, only my domain ones) like 4 times today! (along with strange ‘your user information’ ones and ‘Paris_Hilton_and_Nicole_Richie’ ones… it’s quite annoying)
Hi, I’m a Chinese and I received the same email in Beijing today. It’s from Mail@fbi.gov to IDH6OL00.UY9@yahoo.com
I searched the guy’s name and then I see what you guys wrote. But what if someone takes this seriously?
I guess there must be some terrible virus within the attachment although I didn’t open it.
Mine didn’t even have an attachment and it was from
kjahne@disabledparentsnetwork.com.
We have received this message 100 times from post@cia.gov! If you know of a way to stop this please let me know. It is getting very annoying!
I don’t think it’s a virus – I think someone is trying to jam the cia/fbi phones. and it’s working — if you call the phone number it really is the cia and they have a recording saying it’s a hoax.
Yes, it’s a virus (W32/Sober@MM!M681).
You can read all about it at:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=137072
Don’t bother tracing the IP addresses back–they’ll only lead you to an idiot who Un-zipped the attachment and ran the enclosed EXE. (Running it will produce what seems to be an error message, but means that you’ve just infected your system and are now sending out bogus e-mails.)
The CIA/FBI mail is just one of several e-mails that are generated (others include the Paris Hilton variation).
Sadly, there are people stupid enough to run the attachment. Somebody at one of my clients did so, and now I’m getting 3 to 5 virus-laden e-mails a day from them.
There’s not really any way to stop the messages. Your spam filters should learn to detect them. Make sure your anti-virus software is up-to-date (this one was released Nov 22, 2005).
And never, ever, open an attachment in an e-mail.
FrostedDonut
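The two traits the comments above point to, a sender address that does not match the relay in the `Received` line and a zip that holds an executable, can be checked mechanically. The following is an added example, not code from the post or its commenters; the function names, the extension list and the `question_list.exe` member name are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed list, not from the page

def build_sample(sender, helo, member):
    """Constructed test message: a zip attachment holding one harmless dummy file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["Received"] = f"from unknown (HELO {helo}) ([81.88.231.137]); 06 Dec 2005 06:38:23 -0500"
    msg["From"] = sender
    msg.set_content("The list of questions are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="question_list.zip")
    return msg.as_bytes()

def triage(raw):
    """Return a list of findings; an empty list means neither trait was seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    domain = msg["From"].addresses[0].domain.lower()
    # The topmost Received line is the one added by the receiving server, so it
    # is the hop the sender could not forge. "(HELO x)" is the layout quoted in
    # the thread; other mail servers format this line differently.
    top = (msg.get_all("Received") or [""])[0]
    m = re.search(r"\(HELO\s+([^)\s]+)\)", top)
    helo = m.group(1).lower() if m else "?"
    if helo != domain and not helo.endswith("." + domain):
        findings.append(f"From claims {domain}, relay announced itself as {helo}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as z:
                hits = [n for n in z.namelist() if n.lower().endswith(EXEC_EXT)]
        except zipfile.BadZipFile:
            hits = ["<unreadable archive>"]
        if hits:
            findings.append(f"{name} holds executable content: {', '.join(hits)}")
    return findings

if __name__ == "__main__":
    for line in triage(build_sample("Department@fbi.gov", "ANTONIOLI", "question_list.exe")):
        print(line)
```

A HELO mismatch on its own is common in legitimate mail, so it is a reason to look closer rather than a verdict; the executable inside the archive is the stronger signal.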
[...] I blogged before about a CIA related spam carrying a virus payload, and now I got another one, almost stranger than the first: [… a list of keywords, redacted] [...]
I got this E-mail, and it listed the CIA’s Public affairs phone: (703) 482-0623, instead of opening the attachment, I called the number, and it is real, but the recording does state that if you got an E-mail from Steven Allison, to delete it.
That was funny!
I almost blamed the person staying with me for using my computer for illegal stuff! Then I did a search on this guy, and luckily found this site. Thanks for all your input!
I got the mail too, when in France, and therefore I did my own research -this time not in dirty pics websites- that’s what our beloved CIA has to say and its published in their web, as follows:
If you’ve submitted an on-line resume at CIA.gov between December 7th and December 9th, 2005, we ask that you please submit it again.
If you receive unsolicited e-mail appearing to be from the CIA, like the recent e-mail falsely attributed to our public affairs office, the message is fake. The CIA never sends unsolicited e-mail to the public. If you are not expecting an e-mail from us, delete it. Do not open any attachment; it may contain malicious code that could damage your computer or mail itself to people in your e-mail address book.
I got the email, and was first very careful with what I wrote in the reply. But before I pushed the send button I tried to open the zip, and then my respect suddenly disappeared. Even if the sender is president of USA he cannot place a worm on my computer and afterwards ask questions. It was detected by ClamWin.
Dear sir, my name is Frank, live in United Kingdom. I will like to tell you some people that do illegal work in London city. I will be very happy if you can try to contact me. olaitex@yahoo.com
i just got this email too….
I AM SO SICK OF HAVING TO DEAL WITH **** LIKE THIS…WHY DONT THEY JUST LEAVE US ALONE. DAMN.
Me too got mail. I live in Korea.
What the f**k situation.
———–
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
question_list.zip
1K Download
hi,
i’ve got an e-mail similar like yours…
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
what is this???
I bought a new 2 way TEXT PAGER . Right out of the box I had the FBI 30 site e-mail and have received three more in less than a week. But I can’t open the list of questions
We will find all of you and hunt you down for visiting illegal websites.
You are on the list!
Call me if you want me to remove you, phone: (703) 482-0623
Steven Allison
CIA
I just got the CIA email that said my IP was logged. People must not have anything better to do now! The attachment was: question_list.zip