The FBI is warning computer users not to open a widely circulating email that falsely claims to have been sent by US authorities. The email attempts to trick users into installing a variant of the Sober worm by telling them that they have been spotted on "illegal websites," and asking them to click on an attached "list of questions".
"These emails did not come from the FBI," the FBI said in a statement.
"Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited emails to the public in this manner."
This latest worm now accounts for more than 65% of all malicious software being reported to antivirus vendor Sophos and makes up about one in every 74 email messages being sent on the internet, says Graham Cluley, a senior technology consultant at Sophos. "It's quite a significant event," he says. "I'm not sure that it's necessarily going to last, but at the moment it's well ahead of any other virus."
Once launched, Sober scans the user's hard drive for email addresses and sends the bogus email to new recipients. After that, it awaits further instructions from its creator, effectively turning the infected system into a remote-controlled zombie computer that could be used for further spamming or computer attacks.
Sometimes the worm pretends to come from the US Central Intelligence Agency (CIA) or German police, Cluley says.
Variations of the Sober worm have been circulating for about two years now and their code is similar enough that they are all thought to have been written by one person, or perhaps a small group of people, Cluley says.
By mentioning US law enforcement, the worm writers have made it more likely that users will inadvertently launch malicious code, but they may also be goading the FBI and the CIA, Cluley says. "It seems a bizarre thing for the virus writer to do, to pick a fight with the FBI and CIA in this way."
The FBI is taking the matter "seriously," and is investigating, the agency's statement says.