{"id":95677,"date":"2005-11-23T04:07:00","date_gmt":"2005-11-23T04:07:00","guid":{"rendered":"http:\/\/a57395a5-1dfb-11e4-aedf-250bc8c9958e"},"modified":"2005-11-23T04:07:00","modified_gmt":"2005-11-23T04:07:00","slug":"a57395b9-1dfb-11e4-aedf-250bc8c9958e","status":"publish","type":"post","link":"https:\/\/www.saipantribune.com\/index.php\/a57395b9-1dfb-11e4-aedf-250bc8c9958e\/","title":{"rendered":"FBI warns of virus on fraudulently addressed e-mail"},"content":{"rendered":"<p>Starting Nov. 21, 2005, field offices of the Federal Bureau of Investigation across the country have been swamped with complaint calls from recipients of a fraudulently addressed e-mail within a two-hour period.<\/p>\n<p>According to Charles L. Goodwin, FBI Special Agent in Charge in Honolulu, Hawaii, the e-mail purported to be from the FBI and used fake sender addresses such as department@fbi.gov and mail@fbi.gov. The e-mails contained an attachment named \u201cquestion list.zip.\u201d A preliminary investigation indicated that the attachment contained malicious code named W32\/Sober.gen@MM.<\/p>\n<p>McAfee anti-virus software detects the malware as the W32\/sober.gen@mm virus. The \u201c.gen\u201d suffix means that the anti-virus software recognized this as a variant of the W32\/sober virus family but could not pinpoint the specific variant. This is probably because it is a new, as yet uncharacterized, variant.<\/p>\n<p>Preliminary analysis shows that on execution the malware carries out the following actions:<\/p>\n<p>&#8211; Produces a pop-up window that appears to be an error message containing the text \u201cWinzip Self Extractor-Error in packed header\u201d.<\/p>\n<p>&#8211; Opens and reads files on the hard drive. This is consistent with the e-mail harvesting behavior of the W32\/Sober viruses.<\/p>\n<p>&#8211; Sends multiple e-mail messages from the affected system to e-mail addresses likely harvested from the hard drive. 
The e-mail messages contain a copy of the malware in the form of a file attachment.<\/p>\n<p>As a result of this malware, McAfee recently issued an update to its W32\/Sober.gen@mm description at http:\/\/vil.nai.com\/vil\/content\/v_102139.htm. Symantec (Norton) now calls this virus W32.Sober.X@mm.<\/p>\n<p>Goodwin said that these e-mails did not come from the FBI. \u201cRecipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this matter. Opening e-mail attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient\u2019s computer,\u201d he said in a statement.<\/p>\n<p>The FBI strongly encourages computer users not to open such attachments, to install current Windows updates, and to install or update anti-virus software.<\/p>\n<p>\u201cThe FBI takes this matter seriously and is investigating. Users are instructed to delete the e-mail without opening it,\u201d Goodwin added. (PR)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Starting Nov. 21, 2005, field offices of the Federal Bureau of Investigation across the country have been swamped with complaint calls from recipients of a fraudulently addressed e-mail within a two-hour period. 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-95677","post","type-post","status-publish","format-standard","hentry","category-local-news"],"_links":{"self":[{"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/posts\/95677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/comments?post=95677"}],"version-history":[{"count":0,"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/posts\/95677\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/media?parent=95677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/categories?post=95677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.saipantribune.com\/index.php\/wp-json\/wp\/v2\/tags?post=95677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}