Jump to content
Do Not Sell My Personal Information

Anyone Seen This Before


Recommended Posts

Just recieved an e mail saying

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.


Please answer our questions!

The list of questions are attached.

Yours faithfully,

Steven Allison

++++ Central Intelligence Agency -CIA-

++++ Office of Public Affairs

++++ Washington, D.C. 20505

++++ phone: (703) 482-0623

++++ 7:00 a.m. to 5:00 p.m., US Eastern time

However the attachment to it was a virus

The e-mail address was mail@cia.gov and was sent to x_mail-list@virgin.net

Is this just a scam or something else.

I know i don't go on any illegal websites :ph34r:

Link to comment
Share on other sites


If you subsrcribe to the trendmicro newsletter (the makers of pc cillin) you will receive emails on all the latest virus threats.. i got this one the other day..

Dear Trend Micro customer,

As of November 21, 2005 2:20 PM Pacific Standard Time (PST, GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_SOBER.AG. TrendLabs has received several infection reports indicating that this malware is spreading in the USA, Belgium, Canada, Brazil, and New Zealand.

This memory-resident worm propagates by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Since it's email propagation does not require any user intervention, the user is often unaware that this worm is sending out email messages.

The email it sends out has the following details:

From: {Email address generated by this worm}

Subject: (any of the following)

• hi,_ive_a_new_mail_address

• Mail delivery failed

• Registration Confirmation

• smtp mail failed

• Spam: Registration Confirmation

• Your Password

• Your IP was logged

• Paris_Hilton_&_Nicole_Richie

• You visit illegal websites

Message body: (any of the following)

hey its me, my old address dont work at time. i dont know why?!

in the last days ive got some mails. i' think thaz your mails but im not sure!

plz read and check ...



This is an automatically generated Delivery Status Notification.

SMTP_Error []

I'm afraid I wasn't able to deliver your message.

This is a permanent error; I've given up. Sorry it didn't work out.

The full mail-text and header is attached


Account and Password Information are attached!

***** Go to: http://www.{random}.com

***** Email: {random}.com


Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.


Please answer our questions!

The list of questions are attached.

Yours faithfully,

Steven Allison

*** Federal Bureau of Investigation -FBI-

*** 935 Pennsylvania Avenue, NW, Room 3220

*** Washington, DC 20535

*** phone: (202) 324-3000


Account and Password Information are attached! ---

The Simple Life:

View Paris Hilton & Nicole Richie video clips , pictures & more  ;) 

Download is free until Jan, 2006!

Please use our Download manager.

Attachment: (any of the following)

• mailtext.zip

• mail.zip

• reg_pass.zip

• mail.zip

• reg_pass-data.zip

• question_list.zip

• list.zip

• downloadm

• mail_body.zip

The attached .ZIP file contains the copy of this worm using the following file name:


When executed, it displays a fake error message box in order to trick a user into thinking that the file did not properly execute.

This worm searches the process list of the affected system for mrt.exe, the Microsoft Windows Malicious Software Removal Tool process. If found, it terminates the said process thus making the system more vulnerable to malicious attacks.

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy (Beta) - 187 (Released)

Official Pattern Release - 2.957.00 (ETA: 1.5 hrs)

Damage Cleanup Template - 678 (Being created)

Network Virus Wall - 10232 (Being created)

For more information on WORM_SOBER.AG, you can visit our Web site at:


You can modify subscription settings for Trend Micro newsletters at:



This message was sent by Trend Micro's Newsletters Editor using Responsys Interact .

To unsubscribe from Trend Micro's Newsletters Editor:


To update your subscription preference, or to change your email address:


To view our permission marketing policy:


Copyright 1989-2005 Trend Micro, Inc.  All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

Or.. if it would be allowed.. i could post them here for everyone to see when i get them.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...