Spate of fake e-mails spooks agencies

WASHINGTON - Perhaps recently you've been warned that you've visited illegal Web sites. Or you've been asked to help recover money that belongs to the family of a U.S. soldier killed in Iraq.  You're hardly the only one.

A recent spate of e-mails that aren't what they appear to be have confused consumers and led to a series of government warnings. The messages are fake, but convincing, because of a simple programming trick that allows cybercriminals to change the return address attached to Internet e-mail.

Experts warn consumers to be very suspicious of any e-mail they receive unexpectedly, and to never respond to such e-mails with personal information.

"It's gotten to the point where you can't trust anything you get in e-mail, and that's very sad," said Mary Landesman, About.com's computer virus expert. "E-mail is quickly becoming a very untrustworthy source."

FREE VIDEO Avoid Net scams NBC's Lester Holt and MSNBC.com's Bob Sullivan talk about e-mail scams on the Today show. Today show

Fake "From" lines in e-mails are nothing new, but this latest flurry got the attention of  the Department of Homeland Security, U.S. Immigration and Customs Enforcement, and the FBI. 

The fake FBI.gov message appears to be the most widespread.  The e-mail claims to be from the government agency and accuses recipients of visiting over 40 illegal Web sites. It also tells recipients to contact the FBI.

"These e-mails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner," the agency said in a warning on its Web site. "Opening e-mail attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient’s computer."

Sober virus blamed
Experts believe a computer virus named Sober-L (some firms call it Sober-K) is behind the e-mails. That same virus also arrives promising a peek at Paris Hilton videos, and as a warning from the Microsoft Corp., according to Craig Schmugar, a virus researcher at McAfee.   In each case, the addressing information of the e-mail has been forged convincingly.

Most anti-virus firms rate the virus a low or medium risk, saying it hasn't spread as widely as some well-known malicious programs like MyDoom. Still, Alex Shipp of MessageLabs said the worm has had surprising staying power. MessageLabs filters detected a sharp increase in the number of infected e-mails on Wednesday. On Tuesday, the firm had trapped only 30,000 infected e-mails carrying the worm, down from 40,000 the day before. But on Wednesday, it caught 109,000 Sober-L infected e-mails.

MORE FROM SECURITY

Security Section Front

Red Tape: Your chance to spy on Google Tagged.com settles with states in invite fight Framed for child porn — by a PC virus In China, battles over a new wall Spain: Internet-related child porn on the rise Google providing better view of personal data EU agrees on new Internet user rights Red Tape: ‘Fakeosphere’ ads target consumers Internet censorship limits could be set by WTO Cubans say Craigslist-like site is blocked Security Section Front   Add Security headlines to your news reader: