Today the number of reports about the sober virus exploded.
At the moment of writing 61% of all virus reports, arriving at Sophos are reports of this sober version.
The FBI is so concerned about the messages that it has issued a warning on its website. The new version of the Sober worm arrives as an email attachment, with the following message body:

• Dear Sir/Madam,
  We have logged your IP-address on more than 30 illegal Websites.
  Important: Please answer our questions! The list of questions are attached.
  Yours faithfully,
  Steven Allison
  Federal Bureau of Investigation-FBI-
  935 Pennsylvania Avenue, NW , Room 3220
  Washington , DC 20535
  Phone: (202) 324-30000

(Sometimes the emails claim to come from the same investigator, but at the CIA.)
If the attached file is run, the worm scans the user's hard drive for other email addresses, in its search for other computers to infect.
"This variant of the Sober worm may catch out the unwary as they open their email inbox this morning," said Graham Cluley, senior technology consultant at Sophos. "Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal websites and want click on the unsolicited email attachment. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection." Sophos

"The e-mail appears to be sent from the e-mail addresses of mail@fbi.gov, post@fib.gov and admin@fbi.gov. There may be other similarly styled addresses. The recipient is enticed to open the zip attachment which contains a variant of the w32/sober virus. If the program within the zip attachment is executed the virus is launched.
The text of the email is as follows:


Dear Sir/Madam,
We have logged your IP-address on more than 30 illegal Websites.
Important: Please answer our questions! The list of questions are attached.
Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI-
935 Pennsylvania Avenue, NW, Room 3220
Washington, DC 20535
Phone: (202) 324-30000


These e-mails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner." FBI

I have done some little reaserch on this New virus and it is scary sounding.I was shocked at the extent they went too by poseing as an FBI agent.But then too me it looks a little too suspisious.:grin:The first thing I would wonder is why would the FBI want to talk to me?:grin: But anyway I read the Norton removla instructions and looks a little diffacault to remove.I would get a headache:shocked:.Well thanks for posting this information btalman it is very informative and helpful.
Last note it can be scary what dangers lie out if cyberspace

NHTCU warns over Sober worm

Cyber-blitz enters second week



The latest variants of the prolific Sober worm series are posing as messages from the UK's National Hi-Tech Crime Unit, prompting a warning from the British police agency.

The tactic is an extension of an ongoing mass virus attack. Other organisations similarly spoofed last week include the FBI and CIA in the USA and the German Bundeskriminalamt. Society heiress Paris Hilton also featured as the subject of some of the attacks.

The scam emails claims to recipients that their internet use has been monitored and that they have accessed illegal web sites. The emails then direct recipients to open an attachment, which Reg readers will not be surprised to hear is infectious. This Windows-specific malware travels in an email message with the subject line of "You visit illegal websites" or "Your IP was logged" from spoofed email addresses such as info@nhtcu.org and office@nhtcu.org. Users who open the infected message attachments on Windows machines will further propagate the outbreak, as well as leaving their machines open to additional attacks and misuse.

"These emails did not come from the NHTCU. Anybody who receives such an email should delete it without opening it," the police agency warns. NHTCU advises consumers to visit GetSafeOnline.org for tips on how to protect themselves and their computers for virus attacks.

From:
http://www.theregister.co.uk/2005/11..._worm_warning/