Spate of fake e-mails spooks agencies

WASHINGTON - Perhaps recently you've been warned that you've visited illegal Web sites. Or you've been asked to help recover money that belongs to the family of a U.S. soldier killed in Iraq.  You're hardly the only one.

A recent spate of e-mails that aren't what they appear to be have confused consumers and led to a series of government warnings. The messages are fake, but convincing, because of a simple programming trick that allows cybercriminals to change the return address attached to Internet e-mail.

Experts warn consumers to be very suspicious of any e-mail they receive unexpectedly, and to never respond to such e-mails with personal information.

"It's gotten to the point where you can't trust anything you get in e-mail, and that's very sad," said Mary Landesman, About.com's computer virus expert. "E-mail is quickly becoming a very untrustworthy source."

FREE VIDEO Avoid Net scams NBC's Lester Holt and MSNBC.com's Bob Sullivan talk about e-mail scams on the Today show. Today show

Fake "From" lines in e-mails are nothing new, but this latest flurry got the attention of  the Department of Homeland Security, U.S. Immigration and Customs Enforcement, and the FBI. 

The fake FBI.gov message appears to be the most widespread.  The e-mail claims to be from the government agency and accuses recipients of visiting over 40 illegal Web sites. It also tells recipients to contact the FBI.

"These e-mails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner," the agency said in a warning on its Web site. "Opening e-mail attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient’s computer."

Sober virus blamed
Experts believe a computer virus named Sober-L (some firms call it Sober-K) is behind the e-mails. That same virus also arrives promising a peek at Paris Hilton videos, and as a warning from the Microsoft Corp., according to Craig Schmugar, a virus researcher at McAfee.   In each case, the addressing information of the e-mail has been forged convincingly.

Most anti-virus firms rate the virus a low or medium risk, saying it hasn't spread as widely as some well-known malicious programs like MyDoom. Still, Alex Shipp of MessageLabs said the worm has had surprising staying power. MessageLabs filters detected a sharp increase in the number of infected e-mails on Wednesday. On Tuesday, the firm had trapped only 30,000 infected e-mails carrying the worm, down from 40,000 the day before. But on Wednesday, it caught 109,000 Sober-L infected e-mails.

MORE FROM SECURITY

Security Section Front

Pentagon: Insurgents intercepted spy videos Privacy watchdog files complaint against Facebook Ohio court: Cell phone searches require warrant Nearly 1 in 3 older teens gets ‘sexting’ messages Australia to block obscene, crime-linked sites After criticism, Facebook tweaks settings again Court reviews employer access to texts NYT: U.S., Russia open talks on cyberwar limits Red Tape: Holiday ‘cyberbegging’ grows on eBay Internet users lured to oppose health bills Security Section Front   Add Security headlines to your news reader: