The United State’s Central Intelligence Agency (CIA) is warning computer users to delete any unsolicited email purportedly coming from its public affairs office.
The CIA said the message is fake and the agency never sends unsolicited email to the public.
Do not open the attachment contained in the email because it may contain a malicious virus that could damage your computer or mail itself to people in your email address book. Check out the CIA website at www.cia.gov
Similar emails with the W32/sober virus purportedly come from the FBI and the Bundeskriminalamt (BKA), the German Federal police service.
The virus may:
Attempt to harvest email addresses from a configurable list of file extensions
Utilize its own SMTP engine to send itself to the harvested email addresses
Other common characteristics of W32/sober virus variants include:
Modify the system registry to prevent Windows XP's built-in firewall from starting
Modify the HOSTS file to prevent the computer from accessing certain security and commercial web sites
Attempt to terminate a number of running processes, some of which are security related
Open a backdoor on the system that allows the attacker to communicate remotely with the system via IRC. This may allow the attacker to upload and execute arbitrary code on the infected machine.
WA ScamNet advises computer uses to never open unsolicited email attachments and to keep their anti-virus protection up-to-date.