The virus travels in email messages with the subject line "You visit illegal websites" or "Your IP was logged". They appear to be sent from the addresses [email protected] and [email protected].
The fake emails tell recipients that their internet use has been monitored and that they have accessed illegal websites. The emails then direct recipients to open an attachment and answer questions.
But the emails did not come from the NHTCU, and anyone who opens the attachment will infect his computer with the latest variant of the W32/Sober virus. This raids the infected PC for email addresses to send itself to.
Anybody who receives such an email should delete it without opening it, warned the agency.
As part of the attack, hackers last week also sent out spoof messages purporting to come from the FBI and CIA, and the German Bundeskriminalamt. The scam appears to have been highly successful, with security firm Sophos advising on Thursday that the worm then accounted for 85% of all viruses reported to the firm.
