The virus travels in email messages with the subject line "You
visit illegal websites" or "Your IP was logged". They appear to be
sent from the addresses info@nhtcu.org and office@nhtcu.org.
The fake emails tell recipients that their internet use has been
monitored and that they have accessed illegal websites. The emails
then direct recipients to open an attachment and answer
questions.
But the emails did not come from the NHTCU, and anyone who opens
the attachment will infect his computer with the latest variant of
the W32/Sober virus. This raids the infected PC for email addresses
to send itself to.
Anybody who receives such an email should delete it without
opening it, warned the agency.
As part of the attack, hackers last week also sent out spoof
messages purporting to come from the FBI and CIA, and the German
Bundeskriminalamt. The scam appears to have been highly successful,
with security firm Sophos advising on Thursday that the worm then
accounted for 85% of all viruses reported to the firm.
