View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
November 23, 2005

Paris Hilton worms her way into email systems

Paris Hilton and the FBI are unlikely partners in driving the spread of a new variant of the Sober worm.

By CBR Staff Writer

Emails arrive which encourage victims to click on attachments purporting to be threats from the FBI or videos clips of Paris Hilton and her reality TV co-star Nicole Richie. In reality, the attachment is a minor modification of the Sober virus that has flared up several times over the past year.

One version of the email carrying the worm appears to be a letter from the FBI saying the agency has found evidence the computer user has been visiting illegal websites. It asks the recipient to click on the attachment to answer questions.

The email claims to have been sent by an FBI agent with the message: ‘We have logged your IP-address on more than 30 illegal Websites. Important: Please answer our questions! The list of questions are attached.’ That ‘list’ of questions is attached as a .zip file and in fact contains the virus.

The FBI released a warning on November 22, 2005 saying it never sends unsolicited emails. The FBI takes this matter seriously and is investigating. Users are instructed to delete the email without opening it, it said.

Another version of the email used a message purporting to be from the Central Intelligence Agency. A third, a German-language variant, contained a threatening message from a German law enforcement agency. A separate version purports to offer a download manager for video clips, pictures and more of Hilton and Richie.

The good news is that while this version is virulent, it does not appear to have much of a payload. But security company F-Secure said internet companies have seen several millions of infected emails over the course of hours. The numbers we’re now seeing… are just huge, warned F-Secure’s chief research office Mikko Hypponen. This is the largest email worm outbreak of the year, so far.

If activated, the worm drops several files onto a computer and searches for email addresses stored in address books or elsewhere in memory and sends copies of itself to those destinations. If it finds Microsoft’s anti-spyware and antivirus software running, it turns the protections off.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Several other variants of a different virus, dubbed Mytob, are also making the rounds. The emails carrying them purport to be a message from an email service provider or from support staff providing notification about a changed password or suspended account.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.