Malicious Code Authors Spoof FBI

The U.S. Federal Bureau of Investigation today warned the public to avoid falling victim to an ongoing mass e-mail scheme wherein computer users receive unsolicited e-mails purportedly sent by the FBI.

“These e-mails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner,” said the agency in a statement.

Dangerous Attachments

These scam e-mails tell the recipients that their Internet use has been monitored by the FBI’s Internet Fraud Complaint Center and that they have accessed illegal Web sites. The e-mails then direct recipients to open an attachment and answer questions. The attachments contain a computer virus.

“Opening e-mail attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient’s computer. The FBI strongly encourages computer users not to open such attachments,” the agency said in a statement.

Social Engineering

Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based threat intelligence firm, told TechNewsWorld that the FBI scam is just another tactic designed to get Internet users to execute malicious code.

“What we’ve found is social engineering and user interaction-based malicious codes have had great success,” Dunham said. “The more authoritative the e-mail sounds or the more realistic it appears, the more likely it is that the attachment will be executed.”

Education Needed

Although public awareness tends to make user-interaction worms less successful than automated ones, Dunham said plenty of people are still falling prey to them. Part of the problem, he said, is the popularity of file sharing, but the larger problem is simple ignorance.

“Everybody should know that executable files are potentially dangerous and commonly harbor malicious code,” Dunham said. “Yet everybody is not aware of this. Some corporate users will use their desktops to check a personal Web mail account that is not strictly monitored or controlled and viruses can come into the corporation that way. Internet users need to be aware of basic security practices.”

The FBI said it is taking this matter seriously and is investigating. The agency encourages users receiving e-mails of this nature to report them to the Internet Crime Complaint Center.
