A fake e-mail with a virus and purporting to be from the FBI is doing the rounds.
The impact in the UK should be limited that to the FBI being a US organisation, however sysadmins should account for the fact that the sort of people likely to open an unsolicited e-mail attachment are also likely to get excited about the idea of the FBI.
In an announcement yesterday, the bureau warned that the spams tells users that "their Internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have accessed illegal websites."
The bogus message then asks recipients to click on an attachment and answer some questions about their alleged illegal Internet use. But rather than being a questionnaire, the attachment contains a virus that infects the recipient's computer. It was not immediately clear what the virus does once it has infected a computer.
An FBI spokesman said that the agency discovered the fake e-mail over the weekend after several recipients of the messages notified the FBI.
The latest scam appears to be the first time a virus has been distributed through an e-mail allegedly from the FBI, he said. A previous scheme involved e-mails that lured recipients to a fake site that looked like the FBI's official site, then asked recipients to enter their credit card number and personal information to determine if their card was one that recently had been stolen.
The latest message has multiple misspellings and is written in broken English, Bresson said. "The wording is very poor, which helps us," he said. "We're hoping that that flags people that this is not legitimate."
The message warns recipients that their Internet use continues to be watched and that the alleged illegal activity should be halted. "If there will be anover (sic) attemption (sic) you will be busted," the message states. The FBI does not know if any victims of the scam have provided their credit card numbers or other information.
However it stated that it never sends official unsolicited e-mails to citizens for any reason and that any messages purporting to be from the agency should be ignored. Recipients can also report them to the FBI's Internet Crime Complaint Center.