Virus uses fake Paris Hilton vid and FBI threats


http://news.cnet.co.uk/software/0,39029694,39194436,00.htm

23 November 2005

John Borland

There is no Easter Bunny, and that's not a real Paris Hilton video in your email inbox. Nor is the FBI likely to be emailing you to ask you questions about visiting illegal Web sites.

New variants of an old computer worm were making the network rounds on Tuesday, enticing computer users into clicking on attachments purporting to be threats from law enforcement or video clips of hotel heiress Paris Hilton and reality TV co-star Nicole Richie.

Antivirus companies said the new worm, a minor modification of the 'Sober' worm that has flared up several times over the past year, gained some traction over the weekend and on Monday. But this latest variant, graded as a medium-level threat, appeared to be trailing off as companies have responded.

"This one is virulent and will reproduce itself easily but does not have much of a payload," said David Perry, global director of education for antivirus company Trend Micro. "For the time being, this particular strain is probably done."

The new variant of the older Sober virus wraps itself in what appears to be a letter from the FBI saying the agency has found evidence of the computer user visiting illegal Web sites. It asks the recipient to click on the attachment to answer questions.

The FBI released a warning on Tuesday saying it never sends unsolicited emails.

"The FBI takes this matter seriously and is investigating," the agency said in its statement. "Users are instructed to delete the email without opening it."

Another version of the email used a message purporting to be from the CIA. A third, a German-language variant, contained a threatening message from a German law-enforcement agency.

If activated, the worm drops several files onto a computer and searches for email addresses stored in address books or elsewhere in memory and sends copies of itself to those destinations. If it finds Microsoft's anti-spyware and antivirus software running, it turns the protections off.

Several other variants of a different virus, dubbed 'Mytob', are also making the rounds, purporting to be a message from an email service provider or support staff providing notification about a changed password or suspended account.

Antivirus companies rate the danger of this worm as low, but as always, advise against clicking on unknown attachments to emails.
