FBI: “You Visit Illegal Websites” Spam Virus

Every time I read about a scam that’s catching the public imagination, I’m always intrigued to actually receive a copy of the message so I can see for myself how believable it is. Currently the big scam is that there’s a virus being sent purporting to be from the Federal Bureau of Investigation accusing the recipient of visiting illegal Web sites. If you haven’t received the message yet, here’s what it says…

Dear Sir/Madam,

we have logged your IP-address on more than 40 illegal Websites.

Important: Please answer our questions!
The list of questions are attached.

Yours faithfully,
M. John Stellford

++-++ Federal Bureau of Investigation -FBI-
++-++ 935 Pennsylvania Avenue, NW, Room 2130
++-++ Washington, DC 20535
++-++ (202) 324-3000

To give these virus writers some modicum of credit, they do at least appear to have identified the correct street address for the FBI, but that’s easily found by visiting the FBI Web site anyway. The phone number is valid too. In fact, call it and you might be lucky enough to find out how busy the Feds really are: “Hello, you’ve reached FBI headquarters, but all of our lines are currently busy.”

What doesn’t make sense to me is why people are so gullible. If the FBI did in fact identify that you’d visited illegal Web sites and were sending you an attached ZIP file entitled “text-indictment_cit1246.zip” (at least, mine was), then wouldn’t they figure out if you’re a Sir or Madam before sending out the message? Further, let’s get real. This is the Feds. Do you think that they’re going to email you a questionnaire if they have even the slightest hint of illegal activity? I think a firm knock on your door is much more likely!

But let’s say that you are paranoid, guilty, and afraid that you have somehow violated the law and visited illegal Web sites. Why would you then click on a ZIP archive? If it were a “.doc” Word file, maybe, but a ZIP file?

If you do unpack the ZIP archive, you’ll find that there’s a file inside called “doc_data-text.txt.pif”, which leads to another question: is there ever a legitimate reason to receive a .pif file? In case you’re curious, the answer, as far as I can tell, is “no”. The PIF extension denotes a Windows Program Information File, and even neutral third-party sites describe the format this way: “Program Information File dates back to the early versions of Windows. Basically, it’s an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.” (source).
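As an added example (not part of the original post), here is a mail-filter style check in Python that parses a message, looks inside ZIP attachments, and flags member names like the one described above. The extension lists, function names and example.test addresses are assumptions, and the sample message is constructed with harmless contents.

```python
import email, email.policy, io, zipfile
from email.message import EmailMessage

# Extensions Windows runs on double-click; .pif is the one discussed above.
RISKY = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
DECOY = {".txt", ".doc", ".pdf", ".jpg", ".xls"}  # harmless-looking decoy in front

def classify(name):
    """Return 'decoy+executable', 'executable' or None for one file name."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 2 or "." + parts[-1] not in RISKY:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY:
        return "decoy+executable"
    return "executable"

def scan_message(raw_bytes):
    """List (attachment, member, verdict) for risky names, looking inside ZIPs."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        members = [fname]
        if zipfile.is_zipfile(io.BytesIO(payload)):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                findings.append((fname, fname, "unreadable archive"))
                continue
        findings += [(fname, m, classify(m)) for m in members if classify(m)]
    return findings

def build_sample():
    """Constructed sample: file names from the article, harmless contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc_data-text.txt.pif", b"placeholder, not a real PIF")
        zf.writestr("readme.txt", b"benign member")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.test", "user@example.test"
    msg["Subject"] = "You visit illegal websites"
    msg.set_content("The list of questions are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="text-indictment_cit1246.zip")
    return msg.as_bytes()

print(scan_message(build_sample()))
```

The check reads only the archive's file listing and never extracts or runs a member, so it is safe to apply to quarantined mail.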

I usually don’t believe that it’s the responsibility of the user to avoid spams and scams. I’d like to see the system, meaning the network infrastructure companies and the end-product providers (like Microsoft), solve these problems. But in situations like this, the raw stupidity of people who believe that the FBI is sending them a legitimate questionnaire is just astonishing. A little bit of user education would go a long way to making this sort of scam a footnote, not a news story.

41 comments on “FBI: “You Visit Illegal Websites” Spam Virus”

  1. Thanks for your comments. Mine came from abuse@gov.us and I knew I wasn’t on sites but it is a feeling of anxiousness nonetheless. The fact that the attached file showed a virus told me it was bogus, but there is always fear that someone might have used my computer while I was on vacation.

  2. They have been real busy this evening…got one from the FBI, two from security@microsoft and yet another from “unable to deliver mail.”

  3. Thanks for your info, which I found from a web search. I also got one of these, however, it was blocked by the Midcontinent e-mail server and I received the notification. Hats off to midconet.

  4. thank you
    I’m 14 years old and it scared the crap out of me. I stayed awake almost all night till I came to your site. Thanks a bunch man
    andrew smith

  5. I received this message from Admin@cia.gov. I would never open a zip file from a questionable source but must admit the address and name included in the text made the e-mail look real. A big warning sign for me was the “to” address was not my real e-mail address.

  6. I received an email today from Office@cia.gov with the “Dear Sir/Madam” junk. Steven Allison was the name on my email, and it did seem pretty real. Both the phone number and the address matched, and when I looked up the email address it led me to the CIA also. FYI.

  7. Have you seen George Carlin’s new show… He talks about how utterly stupid most everyone is..
    You can guess that these are the type of individuals who would not only open the email attachment but send it to all their friends!

  8. Man, I hate being late to the party. It was ages before I got the Nigerian spammer letters and only now I’ve gotten this email. Thank goodness for Google – it answers all the questions. 🙂

  9. Looks like it’s the CIA’s turn to send out this message. Steven Allison was the name on mine too. The message did give me the creeps!

  10. Within the last 2 hours I’ve gotten at least 12 of these emails, some from the CIA, some from the FBI. The interesting thing to note is that all of them were addressed to a name or listserver at mac.com. No word on the Mac support site about anything unusual yet.

  11. Just got the same thing, and immediately started wondering, “did I ever actually pay that parking ticket?” Given the gullibility that Dave mentions, I’m wondering how many wanted criminals may have received it and turned themselves in! That’s probably why the FBI’s phone number was so busy.

  12. I would’ve dismissed it except for two things – teenagers who love iTunes and music sites and might not know the difference between legal and illegal sites and the possibility that IP theft might be as plausible as ID theft….

  13. I received the message your IP address has been logged on over 30 illegal websites and we would like to ask you some questions. I looked at the email address they had in the email and it was not exactly like mine was. I almost opened it and then I thought if the FBI did want to talk to me they would appear in person there is something not right here. Thank God I realized this in time.

  14. Like Ellen, I am a Mac.com user and so far today (Nov. 22) I have received more than two dozen of these spams (I have never before received spam via my Mac.com email address). In addition to the “Your_IP_was_logged” subject lines, I’ve gotten messages with the following subject lines: “Your Password,” “smtp mail failed,” “Registration Confirmation,” “hi, ive a new mail address,” and “You visit illegal websites.”
    The spoofed From lines include “Mail@fbi.gov,” “Post@fbi.gov,” “Department@cia.gov,” “admin@cia.gov,” among many others….

  15. If the file was opened, how do you get rid of it? I took this file to a thumb drive and opened it but my e-mail in the C drive would not open. When I reset the computer to a previous time everything seemed to go back to normal and a hacker firewall check and virus scan revealed nothing. But I’m still not sure it’s gone. What do you think, please?

  16. As John reported on Nov. 22, I have also received similar numbers of various spams referring to passwords, illegal websites, smtp mail failed, etc, etc, etc. from various government agencies as well as from just regular so-called people. It started last week and I lost a day wondering whether a virus had finally infected my mac! The floodgates opened this morning. Now I see them and immediately delete and erase them.

  17. I want to thank you for putting this info up. I am still fairly new to this and wasn’t sure about it, but I received 2, one was the FBI and the other CIA, and the name was the same, Steve Allison. My older son’s girlfriend said it was a fake and not to open the attachments, which I didn’t, but having a young teen in the house I thought you never know. I didn’t sleep well thinking about it and now that I found this site I am breathing a sigh of relief. Thank You Again

  18. Hello
    I’m a French person and I received this mail:
    Dear Sir/Madam,
    we have logged your IP-address on more than 30 illegal Websites.
    Important:
    Please answer our questions!
    The list of questions are attached.
    Yours faithfully,
    Steven Allison
    *** Federal Bureau of Investigation -FBI-
    *** 935 Pennsylvania Avenue, NW, Room 3220
    *** Washington, DC 20535
    *** phone: (202) 324-3000
    I want to know if this mail is a joke or not
    The mail comes from “post@fbi.gov”…
    It’s a very strange joke for me…

  20. Damn it!! Because of that email I contacted a lawyer who, after charging me an exorbitant amount of money, recommended I sell my assets and move to Mexico. I miss my son and my wife so much but, hell, life here is not so bad.

  21. Got 1 too from Steve Allison, antivirus caught it and it made me think, why would the FBI send a virus? So I googled and found this page, very informative. Thanx.

  22. Been receiving this spam for a week, names are FBI & CIA.
    I’m also getting spam from “administrators” stating my password is in a zip file.
    I actually called the FBI today (message from Steve Allison). They’re being bombarded with calls, & told me not to open these e-mails. Thanks for the heads up.
    peter klein

  23. Oh my! Do these people have nothing better to do than this??
    I received the same email and thought, “FBI?? Illegal sites?? Uh huh, I’m sure they have nothing better to do than to send email to ME for, unwittingly, visiting an illegal site.” AND, since when would an FBI agent sign his email, “Yours Faithfully”????
    If we are doing something illegal and it’s THAT serious, we would NOT be receiving obscurely (Sir/Madam) addressed email. Those gentlemen would be at our doors!!
    Some folks just have waaaaay too much spare time!!
    Katie

  25. Can you explain how these things keep coming to my email? Am I on someone’s address book that has opened the virus? What can I do to stop receiving them?
    Thanks

  26. I’ve been getting these for days now. Earthlink is great in preventing me from getting them and just notifies me that an email was sent to me with a virus and gives me the info on where it was sent from. I did email all in my address book a warning about the virus.
    One of my coworkers just got it yesterday and asked if she should open it because the message said she was going to illegal sites. I told her to delete it and any others she may get from the government.

  27. I got the same email on 12/1/05. Of course being intrigued I opened the file, but was fortunate my anti-virus software caught it and prevented me from unzipping it. I then did a google search and found your site. Thanks a whole bunch!!
    Jim

  28. I received this on 30Nov05, the same day I created this e-mail address. Apparently, the old owner of the name gave it up, and had spread around the e-mail name, and receives a bunch of spam, as well as e-mail hoaxes. I was tempted to open it, but wouldn’t do it from my own computer. Before even risking a library computer, I checked Google. Thanks for the warning!

  29. Thanks for the info. One was being sent to us from Admin@FBI.gov but SpamAssassin Mail filter on our Mandrake server blocked it from being delivered. I found it in the queue being bounced back but wanted to know more about it.
    Thanks for good warning!

  30. I have been plagued by this same type of harassment. On a daily basis. I have seen every type of message listed here.
    I have searched for a way to report it. ISP abuse wants a specific format when reporting! The closest I get is a combined gov. website, IFCC, if one wants to make a case of it.
    I hoped there would be an IP tracer program in freeware, no such luck. Those programs that claim they work are not worth a one time deal.
    Anyone have a solution, other than changing our email address?

  31. Woooah that was scary. I thought they were tapping my phone lines and I was scared and all sorts of stuff… I had twelve such e-mails in my inbox…

  32. Yah I would never open something like that. My spam scanner stopped the e-mail from coming in lol
    But what really licked me off was why would they send a questionnaire, so I went here and found out. Thanks, I was really scared.

  33. I got the same e-mail, and when I opened it up I thought this is it, I’m toast! I decided that the best thing for me to do was go right to the Police station and turn myself in, so that’s what I did. When I went there to confess about the sites that I visited, there were 3 cops there and they all started laughing at me and told me not to worry about it and go home! Man, was I ever relieved!

  34. So we have this page that pops up every time we turn on our family computer saying that the FBI has blocked our computer and we have 72 hours to pay $200 or else they will sue. How do we know if it’s real?
