Fact Check

Sober.C Virus

Is the FBI sending out illegal download warnings?

Published Jan. 7, 2004

Claim:

Claim:   The FBI's "Department for Illegal Internet Downloads" is sending out automated warning messages via e-mail.


Status:   False.

Example:   [Collected on the Internet, 2003]




Subject: You use illegal File Sharing...

Ladies and Gentlemen,

Downloading of Movies, MP3s and Software is illegal and punishable by
law.

We hereby inform you that your computer was scanned under the IP 94.195.57.211. The contents of your computer were confiscated as an evidence, and you will be indicated. In the next days you will receive the charge in writing. In the Reference code: #34510, are all files, that we found on your computer.

The sender address of this mail was masked, to protect us against mail bombs.

- You get more detailed information by the Federal Bureau of Investigation -FBI-
- Department for "Illegal Internet Downloads", Room 7350
- 935 Pennsylvania Avenue
- Washington, DC 20535, USA
- (202) 324-3000



Origins:   The address and phone number given at the foot of the message quoted above are real (they belong to the FBI's Washington, D.C., headquarters), but that's the only thing genuine about this e-mail.

The FBI may have an interest in tracking illegal downloads of copyright-protected material on the Internet, but they don't have a "Department for Illegal Internet Downloads," and they aren't sending out automated messages like the one quoted above to serve notice that "your computer was scanned" and the "contents of your computer were confiscated." If nothing else, the poor grammar and spelling — "an evidence" rather than "evidence"; "indicated" rather than "indicted" — should be an obvious giveaway that the message is a phony, and likely crafted by a non-native speaker of English. (The latter point is probably confirmed by the fact that similar messages stemming from the same source are sent out with subject lines in German.)

The FBI has issued the following denial:



Attention — FBI e-mail hoax alert! Have you recently received an e-mail, purportedly from the FBI, with the subject "Your IP was logged," warning you about illegal downloading of movies and software and saying you are under FBI investigation? If you have, please be advised that the e-mail is a fake — the Bureau, even though it does investigative violations of Intellectual Property laws, does not investigate or notify persons under investigation as outlined in the e-mail. It may also contain a virus. If you've received the e-mail, please contact the FBI at www.ifccfbi.gov.

This message (which also arrives with subject lines such as "Preliminary investigation were started" [sic] and "Your IP was logged" is actually a carrier for an executable attachment which harbors the Sober.C virus, a mass-mailing worm that affects systems running any version of Microsoft Windows (other than Windows 3.x). When activated for the first time on a target PC, the worm displays a fake error message similar to the following:

Sober.C

Symantec offers a removal tool for Sober.C on its web site.

Last updated:   29 October 2007





  Sources Sources:

    Varghese, Sam.   "Invoking the FBI to Spread Malware."

    The Sydney Morning Herald.   6 January 2004.


David Mikkelson founded the site now known as snopes.com back in 1994.

Article Tags