The FBI released a statement on its Website noting that the agency was not the source of the e-mails. But experts said that the virus was propagating because the authors made the message appear authentic.
The FBI statement said that recipients of this or similar messages "should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner".
The messages appear to be sent from an e-mail address such as mail@fbi.gov, post@fbi.gov, admin@fbi.gov or a similar address, and direct the recipient to open an attachment to answer question. The opening of the file activates the virus and causes it to spread to others.
The Internet security firm Sophos said that similar e-mails might appear to come from the Central Intelligence Agency, but that both contain a strain of the Sober virus that has been spreading worldwide.
In a four-hour period on Tuesday, the worm "has accounted for over 61 percent of all viruses reported to Sophos, making it currently the most prevalent virus spreading across the world".
"This variant of the Sober worm may catch out the unwary as they open their e-mail inbox this morning," said Graham Cluley, senior technology consultant at Sophos.
"Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal Websites and want to click on the unsolicited e-mail attachment. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."
The e-mail says: "We have logged your IP-address on more than 30 illegal Websites," and directs the recipient to open an attachment to respond to questions.
"The FBI takes this matter seriously and is investigating," the law enforcement agency said, urging those receiving e-mails of this nature to report it to the Internet Crime Complaint Center via http://www.ic3.gov.
California-based firm PandaLabs said that the virus quickly became the most prevalent spreading around the globe. One reason for its success is that "this new variant uses social engineering techniques, tricking users into running files that contain the system code", PandaLabs said.
The virus uses another trick - displaying a dialogue box saying that no viruses, Trojans or spyware were found, according to PandaLabs, even though the computer is left unprotected against future attacks.
Experts noted that each infection causes a computer to send out new copies of the e-mail to those in the computer's address book.
"The propagation capacity of Sober.AH, means that every time there is a new infection, the chances of receiving an infected e-mail increase exponentially," said Luis Corrons, director of PandaLabs.
PandaLabs and others noted that some of the e-mails were being delivered in German to addresses in Europe, purportedly coming from the BKA, the German federal police.
The SANS Institute's Internet Storm Center, an academic-industry partnership, urged Internet users to exercise caution because anti-virus programs might not detect the latest versions of malicious programs.
"Antivirus software does not provide any reliable protection against current threats," SANS said. "Viruses like Sober tend to change every few hours well in advance of AV signature updates. The fact that an attachment did not get marked is no indication that it is harmless."
© 2005 Agence France-Presse
To add a comment,
Please log in:
Don't have an account?
Register now to comment on stories and stay up to date on important events and issues in the Middle East with our newsletter.