The Federal Bureau of Investigation issued a warning about the scam yesterday, advising that the agency does not send out unsolicited emails to the public.
The emails read:
Dear Sir/Madam,
We have logged your IP-address on more than 30 illegal websites.
Important: Please answer our questions! The list of questions are attached.
Yours faithfully,
Steven Allison
Federal Bureau of Investigations - FBI -
Another version of the email appears to come from the Central Intelligence Agency, while a third version, in German, purports to come from a German law enforcement agency.
The emails began appearing on Monday and, according to internet security firm Sophos, by 2pm yesterday the worm accounted for over 61% of all viruses reported to the firm, making it the most prevalent virus spreading across the world.
According to security firm MessageLabs, which intercepted over 2.7 million copies of the new variant yesterday, the email directs users to open the attachment, which once opened delivers the Sober virus payload. It then spreads by searching the infected computer for other email addresses to send copies of itself to.
"This variant of the Sober worm may catch out the unwary as they open their email inbox this morning," said Graham Cluley, senior technology consultant at Sophos. "Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal websites and will click on the unsolicited email attachment.”
Never open an attachment unless you are certain, and it can't get you!