The National Hi-Tech Crime Unit (NHTCU) has warned computer users not to fall victim to the latest Sober worm attack, which is now spreading via an email that pretends to come from the cybercrime-fighting police unit.
The email tells recipients that their Internet use has been monitored and that they have accessed illegal Web sites. The email then directs recipients to open an attachment and answer questions, but this attachment is actually the Sober virus.
The NHTCU advised users to delete unsolicited email.
"If you receive email from someone you don't know you should delete it. Never click on a link, and update your antivirus software regularly," said an NHTCU spokesperson on Tuesday.
Emails from firstname.lastname@example.org and email@example.com should be deleted immediately, the NHTCU said. The mass-mailing worm is transmitted in an email with the subject line of "You visit illegal Web sites" or "Your IP was logged". Once downloaded, it mails itself to all of the addresses in the users' address book, and turns off antivirus software.
This latest Sober outbreak broke out last week, with very similar emails pretending to come from the FBI, or claiming to contain video clips of hotel heiress Paris Hilton.
and experts have warned that it is likely to worsen this week as US users return to work and switch on computers after the Thanksgiving break.
IT managers who feel their employees could be at risk should direct them to GetSafeOnline, the information service offered by the NHTCU, the spokesperson said.