Jump to content
Do Not Sell My Personal Information


Anyone Seen This Before


littlewener
 Share

Recommended Posts

Just recieved an e mail saying

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:

Please answer our questions!

The list of questions are attached.

Yours faithfully,

Steven Allison

++++ Central Intelligence Agency -CIA-

++++ Office of Public Affairs

++++ Washington, D.C. 20505

++++ phone: (703) 482-0623

++++ 7:00 a.m. to 5:00 p.m., US Eastern time

However the attachment to it was a virus

The e-mail address was mail@cia.gov and was sent to x_mail-list@virgin.net

Is this just a scam or something else.

I know i don't go on any illegal websites :ph34r:

Link to comment
Share on other sites


It's WORM_SOBER.AG

If you subsrcribe to the trendmicro newsletter (the makers of pc cillin) you will receive emails on all the latest virus threats.. i got this one the other day..

Dear Trend Micro customer,

As of November 21, 2005 2:20 PM Pacific Standard Time (PST, GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_SOBER.AG. TrendLabs has received several infection reports indicating that this malware is spreading in the USA, Belgium, Canada, Brazil, and New Zealand.

This memory-resident worm propagates by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Since it's email propagation does not require any user intervention, the user is often unaware that this worm is sending out email messages.

The email it sends out has the following details:

From: {Email address generated by this worm}

Subject: (any of the following)

• hi,_ive_a_new_mail_address

• Mail delivery failed

• Registration Confirmation

• smtp mail failed

• Spam: Registration Confirmation

• Your Password

• Your IP was logged

• Paris_Hilton_&_Nicole_Richie

• You visit illegal websites

Message body: (any of the following)

hey its me, my old address dont work at time. i dont know why?!

in the last days ive got some mails. i' think thaz your mails but im not sure!

plz read and check ...

cyaaaaaaa

---

This is an automatically generated Delivery Status Notification.

SMTP_Error []

I'm afraid I wasn't able to deliver your message.

This is a permanent error; I've given up. Sorry it didn't work out.

The full mail-text and header is attached

---

Account and Password Information are attached!

***** Go to: http://www.{random}.com

***** Email: {random}.com

---

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:

Please answer our questions!

The list of questions are attached.

Yours faithfully,

Steven Allison

*** Federal Bureau of Investigation -FBI-

*** 935 Pennsylvania Avenue, NW, Room 3220

*** Washington, DC 20535

*** phone: (202) 324-3000

---

Account and Password Information are attached! ---

The Simple Life:

View Paris Hilton & Nicole Richie video clips , pictures & more  ;) 

Download is free until Jan, 2006!

Please use our Download manager.

Attachment: (any of the following)

• mailtext.zip

• mail.zip

• reg_pass.zip

• mail.zip

• reg_pass-data.zip

• question_list.zip

• list.zip

• downloadm

• mail_body.zip

The attached .ZIP file contains the copy of this worm using the following file name:

File-packed_dataInfo.exe

When executed, it displays a fake error message box in order to trick a user into thinking that the file did not properly execute.

This worm searches the process list of the affected system for mrt.exe, the Microsoft Windows Malicious Software Removal Tool process. If found, it terminates the said process thus making the system more vulnerable to malicious attacks.

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy (Beta) - 187 (Released)

Official Pattern Release - 2.957.00 (ETA: 1.5 hrs)

Damage Cleanup Template - 678 (Being created)

Network Virus Wall - 10232 (Being created)

For more information on WORM_SOBER.AG, you can visit our Web site at:

http://www.trendmicro.com/vinfo/virusencyc...e=WORM_SOBER.AG

You can modify subscription settings for Trend Micro newsletters at:

http://www.trendmicro.com/subscriptions/default.asp

______________________________________________________________________

This message was sent by Trend Micro's Newsletters Editor using Responsys Interact .

To unsubscribe from Trend Micro's Newsletters Editor:

    http://trendnewsletter.rsc03.net/servlet/o...LRhgKLkDJhDNrE0

To update your subscription preference, or to change your email address:

http://trendnewsletter.rsc03.net/servlet/w...8.26y_7.3d_z18z

To view our permission marketing policy:

    http://www.rsvp0.net

Copyright 1989-2005 Trend Micro, Inc.  All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

Or.. if it would be allowed.. i could post them here for everyone to see when i get them.

Link to comment
Share on other sites


Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...




Forums


News


Membership