

July 21, 2006

From the FBI...NOT!

Here is a malware propagation message I received that is bound to catch plenty of unsuspecting folks off-guard:

Dear Sir/Madam,

We have logged your IP-address on more than 30 illegal Websites.

Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison

*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 283-2717

There is a 3.2 kilobyte file attached called Questions_List.zip. Viral analysis shows it to be a Trojan loader—a tiny program that reaches out to a specific place on the Internet and downloads more nasty stuff that takes over your computer.

Probably 80% of Internet users don't know what an IP address is, and 99% of Internet users wouldn't know that your IP address (which is usually logged when you visit a web site) does not reveal your email address. Technically, the content of this message is bogus, but it sure sounds possible to the non-geek.

By the way, as I'm a proponent of checking the least forgeable part of an email message's header to see where the message really originated from, I can say with high confidence that the United States FBI does not send mail through a German email server. That's where the one I received came from (probably another compromised PC).
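One way to apply the header check described above, as an added example rather than code from the original post: the sample message is constructed, and `mx.recipient.example` is a placeholder for a mail server you control. It reads the `Received` lines top-down and reports the outside host that your own server recorded, then compares it with the domain claimed in `From`.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the message from the post. IPs are documentation
# ranges; mx.recipient.example stands in for the reader's own mail server.
SAMPLE = """\
Received: from mail.isp-de.example (mail.isp-de.example [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123
\tfor <me@recipient.example>; Fri, 21 Jul 2006 08:12:03 -0700
Received: from fbi.gov (unknown [198.51.100.7])
\tby mail.isp-de.example with SMTP id xyz789;
\tFri, 21 Jul 2006 17:11:58 +0200
From: "Steven Allison" <mail@fbi.gov>
To: me@recipient.example
Subject: constructed sample

Dear Sir/Madam, ...
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def trusted_origin(raw, my_servers):
    """Return the first hop (top-down) that one of our own servers recorded
    about an outside host. Lines below it were supplied by the sending side
    and can be forged, so they are never consulted."""
    for line in message_from_string(raw).get_all("Received", []):
        m = HOP.search(line)
        if not m or m["by"].lower() not in my_servers:
            return None              # left the part of the chain we can vouch for
        if m["rdns"].lower() not in my_servers:
            return m.groupdict()     # outside host handing mail to our server
    return None

def origin_report(raw, my_servers):
    """Compare the domain claimed in From with the host our server saw."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = trusted_origin(raw, my_servers)
    host = hop["rdns"].lower() if hop else ""
    matches = bool(claimed) and (host == claimed or host.endswith("." + claimed))
    return {"claimed_domain": claimed, "hop": hop, "matches": matches}

if __name__ == "__main__":
    print(origin_report(SAMPLE, {"mx.recipient.example"}))
```

A mismatch is a signal rather than proof, since legitimate senders often relay through third-party servers.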

Posted on July 21, 2006 at 11:57 AM