Email Impersonating The FBI Containing A Trojan
Another fraudulent email campaign has begun, claiming to be from the FBI and telling recipients they have visited 40 illegal websites. The IC3 ("Ice Cube") issued warnings about these particular email campaigns in 2005 and 2006 by releasing three PSAs on February 23, 2005, November 22, 2005, and July 24, 2006. The fraudulent email mentioned in the first PSA claimed the FBI logged the recipient's IP address on more than 40 illegal websites. The next two PSAs described emails claiming the FBI logged the recipient's IP address on more than 30 illegal websites. All the emails instructed the recipient to answer questions in the attachment, which contained malware.
The PSA from February 23, 2005 stated that the FBI had become aware of spam email fraudulently claiming to come from fbi.gov accounts. The email appeared to be sent from the addresses email@example.com, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org. The recipients were told the FBI had logged their IP addresses on more than 40 illegal sites. The email instructed them to answer questions in the attachment, which contained a W32.Sober.K@mm worm.
In 2005, the IC3 began seeing complaints reporting fraudulent emails purportedly from the FBI claiming the recipient went to more than 30 illegal sites. The IC3 received over 5,300 related complaints in that year alone. The number of related complaints dropped drastically the following year, to approximately 130. Since 2006, the IC3 has received only two related complaints, one in 2007 and one in 2008.
Also in 2005, the IC3 began seeing complaints reporting fraudulent emails purportedly from the FBI claiming the recipient went to more than 40 illegal sites. That year, a total of approximately 1,600 related complaints were filed. No other complaints were reported until the beginning of this year, with more than 300 filed so far.
As in the earlier email versions mentioned above, fraudsters are still using spoofed sender addresses in the fbi.gov domain. Recipients are still being told that the FBI has logged their IP address on more than 40 illegal sites and that they need to answer the questions in the attachment, which contains malware.