FBI and FAA email Heads UP

Discussion in 'Malware and Virus Removal Archive' started by martinr121, 2005/11/27.

  1. 2005/11/27
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Hi All: A heads up: Yesterday I received an email that the sender line was from FAA.gov (Federal Aviation Administration). It had an attachment. As I do with all email with attachments, I saved it to a folder and deleted it from my inbox. Scanned the folder with Norton AV which was up to date with the latest definitions.

    Norton gave the email a clean bill of health.

    I opened the email, and it appeared genuine. From FAA.gov

    The very official looking form told me that I had applied for a license/registration and that the attached form needed to be completed. Since Norton had given it a clean bill, I opened the attachment to see what it was all about. I was taken to a site, either by the attachment or clicking on a link, that certainly appeared to be the official FAA site. I have SpoofStick installed, told me I was on the FAA.gov site.


    My machine was instantly infected with the sober worm.

    I got rid of it by restoring a drive image.

    Firing up the machine again, opened Outlook Express, and lo and behold there was an almost identical email, this time supposedly from the FBI, also with an attachment. I scanned it and it also came up with a clean bill of health from Norton.

    I opened the email (not the attachment). It was from FBI.gov, again a very official looking document. Identical to the FAA email in format. It told me that my IP address had been recorded and apparently was being investigated. Wanted me to open the attachment to answer questions.

    I deleted the email and its attachment believing that the sober worm would be installed again.

    The question is, if both of these were bogus files, both had the sober worm in the attachment, how come Norton didn't find it and/or prevent its installation?

    Take care,

    Martin
     
    Last edited: 2005/11/27
  2. 2005/11/27
    sparrow

    sparrow Inactive

    Thanks for the warning. Suspect the worm's too new for AV folks to have it in the defs., but it may also indicate a need for an additional AV program, to run manually as the need arises. Hope the FBI's not looking over your computer. :D And hope their computer's not really the source of that pest.
     
    Last edited: 2005/11/27

  4. 2005/11/27
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Thanks for the link Sparrow. In thinking about it, the infection occurred when I clicked the link in the attachment. It did take me to a website that sure looked official. Whoever did this one is very clever. May he/she get the rot.

    Take care,

    Martin
     
  5. 2005/11/27
    Christer

    Christer Geek Member Staff

    Hi Martin!

    Those E-mails demonstrate that address spoofing regrettably works. If I wanted to send an anonymous E-mail, pretending it was from Donald Duck, I wouldn't know how to but obviously some people do.

    I (a Swede) have received E-mails from the FBI but I didn't even consider opening them and I don't remember if there were attachments.

    I have never received an E-mail from the FAA but even if I did, I would have followed the same procedure and not opened it.

    The common denominator in both cases is: If those authorities want to convey a message and I don't respond to their E-mail, they will use snailmail. Personally, I have not received an E-mail from any authority unless I initiated the exchange of E-mails myself.

    Please don't take this the wrong way, I'm not trying to rub it in or point a finger but there are things to learn from this ...... :) ...... which you did since you took no chances with the second one.

    I received an E-mail today, which was from "Customer.Survey" and the title was "Survey Invitation". I use MailWasher and had it marked for deletion and almost hit the button but then I remembered that I had to register at Seagate's homepage to download SeaTools and that it said something about a "customer survey". Before hitting the button in MailWasher, I took a look (safe from within MailWasher) and saw that it (probably ...... :rolleyes: ......) was legitimate. I took the survey to be able to tell them about the "spam-like" appearance of their E-mail.

    Christer
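
    The sender spoofing discussed in this thread, as an added example that is not part of any post here: the `From:` line is just text the sender chose, so a triage check compares it with the envelope sender and the receiving server's authentication result, and looks at the attachment type. The message, addresses, file name and the `triage` helper are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not taken from the thread): a From line claiming
# a government sender, a mismatched envelope sender, and a zipped attachment.
SAMPLE = """\
Return-Path: <bounce@dialup.example.net>
Received: from [203.0.113.7] (helo=pc-home) by mx.example.org; Sat, 26 Nov 2005 10:00:00 +0000
From: Department <mail@fbi.gov>
To: user@example.org
Subject: Your IP address was logged
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please answer the attached questions.
--b1
Content-Type: application/octet-stream; name="questions.zip"
Content-Disposition: attachment; filename="questions.zip"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".com", ".bat")

def domain(addr):
    # Domain part of the first address in a header value, lower-cased.
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    # Return a list of reasons to distrust the message; empty means none found.
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom and not env_dom.endswith("." + from_dom):
        findings.append(f"From domain {from_dom} != envelope sender domain {env_dom}")
    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("no passing SPF/DKIM result recorded by the receiving server")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"attachment {name} is an archive or executable type")
    return findings
```

    An empty result does not make a message safe; it only means none of these three signals fired.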
     
  6. 2005/11/27
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Hey Christer, no offence, point taken.

    Take care,

    Martin
     
  7. 2005/11/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi martin and all.
    See some info here.....
    Snopes.com

    Looks like this is going around, I had a "Mail Delivery Failed" here a couple days ago, which etrust AV nailed when I scanned it.
    Geri
     
  8. 2005/11/28
    charlesvar

    charlesvar Inactive Alumni

    Hi Martin, thanks for the heads up.

    Christer's point:
    The common denominator in both cases is: If those authorities want to convey a message and I don't respond to their E-mail, they will use snailmail.

    No one gets contacted by any government agency via e mail first unless you've initiated the contact.

    First time contact is always by snail mail.

    Regards - Charles
     
  9. 2005/11/28
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Hi Geri & all:

    Thanks for the link, apparently I'm not alone, it led me to this, referring to FBI and CIA spoofed emails with the Sober X worm in the attachment:

    From the Washington Post:

    "This particular virus is a mass-mailer worm and is the largest one we have seen this year," said Alfred A. Huger, senior director of engineering at Symantec Corp., which sells Norton AntiVirus software. "It's as bad as it gets. With this particular type of virus on your system, there is a high probability that your personal information will be stolen."

    Craig Schmugar, a virus-research manager at McAfee Inc.'s Avert Labs, said his company, which also makes anti-virus software, had logged more than 73,000 consumer computers reporting detection since the worm was discovered Monday.

    British e-mail security company MessageLabs Ltd. said it has intercepted more than 2.7 million copies of Sober and its variants, noting that "the size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months."

    None of the articles though mention the FAA as a potential source, but believe me, they have been spoofed too.

    Just beware

    Take care,

    Martin
     
  10. 2005/11/28
    Christer

    Christer Geek Member Staff

    Charles and all,

    I was almost going to say that but didn't. Even if it is highly unlikely, it might happen that first contact is by E-mail ...... :confused: ...... and I left the possibility "open".

    However, if the E-mail should be legitimate and you choose to not even open it, meaning that the authority won't get an answer ...... :cool: ...... the worst scenario is that you will receive a snail mail.

    Christer
    (who almost never says never)
     
  11. 2005/11/28
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Yeah, but I'll tell you that email from the FBI is kind of like getting email from IRS, in that I just got to know why they are messing with me. I surely don't have a guilty conscience, but I have had run-ins with the IRS before and it was never pleasant.

    Take care

    Martin
     
  12. 2005/11/28
    charlesvar

    charlesvar Inactive Alumni

    Hi Martin,

    Appreciate your feelings, I've had dealings with the IRS, I'm self employed and do deal with them via email sometimes. But I initiated that mode.

    Logically, no one, including Government agencies can know for certain who's behind an email address.

    Your name and address - driver's license - tax records, etc. are part of local and state records, that's where the Feds are going to go to find out who and where you are. Anyone in your household or circle of acquaintances or an ID thief can use your email address.

    Regards - Charles
     
