You visit illegal websites

Mike michael at NOMENNESCIO.NET
Mon Feb 21 11:23:11 GMT 2005 

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

There seems to be a new virus (or is it a hoax?) active. The subject is "You visit illegal websites" with a "From: Office at FBI.gov". Here's the text of the e-mail:

==============================================
Dear Sir/Madam,

we have logged your IP-address on more than 40 illegal Websites.

Important: Please answer our questions!
The list of questions are attached.


Yours faithfully,
M. John Stellford



++-++ Federal Bureau of Investigation -FBI-
++-++ 935 Pennsylvania Avenue, NW, Room 2130
++-++ Washington, DC 20535
++-++ (202) 324-3000
==============================================

It sometimes add a footer like this:

==============================================
*-* Mail-Scanner: No Virus detected
==============================================

It can also be an e-mail from Microsoft with the request to install a patch or someone from hotmail to thank you for some registration.

They all have some sort of attachment (approx. 51KB), a zip file. In the case of the FBI mail, it was "indictment_cit2515.zip".

The zip file contains a .pif file (double extension, ".txt                  .pif" (lots of spaces between .txt and .pif). If MailScanner is configured to scan within zip files, you just be save (I guess).

The file however is an executable (Has "MZ" as the first bytes in the file). I'm not sure what it does, I haven't opened it on a Windows box, I'm just too afraid...

Has anyone else seen this??? I cannot find any information about this on the Internet and none of the major Anti-Virus companies have information on it.

Regards,
Mike.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list