The FBI and its partner, the Internet Crime Complaint Center (IC3), have received reports of recent spam e-mails spreading the Storm Worm malicious software, known as malware.
These e-mails, which contain the phrase “F.B.I. vs. facebook,” direct e-mail recipients to click on a link to view an article about the FBI and Facebook, a popular social networking website. The Storm Worm virus has also been spread in the past in e-mails advertising a holiday e-card link.
Clicking on the link downloads malware onto the Internet-connected device, causing it to become infected with the virus and part of the Storm Worm botnet. A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.”
Most owners of the compromised computers are unsuspecting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware.
Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.
“The spammers spreading this virus are preying on Internet users and making their computers an unwitting part of criminal botnet activity. We urge citizens to help prevent the spread of botnets by becoming web-savvy. Following some simple computer security practices will reduce the risk that their computers will be compromised,” said Special Agent Richard Kolko, Chief, FBI National Press Office.
Everyone should consider the following:
- Do not respond to unsolicited (spam) e-mail.
- Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail.
- Do not click on links contained within an unsolicited e-mail.
- Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
- Validate the legitimacy of the organization by directly accessing the organization's website rather than following an alleged link to the site.
- Do not provide personal or financial information to anyone who solicits information.