May 4, 2011 08:57 GMT

A new malware distribution campaign is producing rogue emails purporting to come from the FBI and attempting to scare users into opening malicious attachments.

Cyber criminals behind this attack are hoping to scare people into believing they are being investigated by federal authorities because they accessed illegal online content.

The subject of the rogue emails reads "you visit illegal websites" and their header is forged to appear as if they originate from an FBI address.

The contained message reads: "Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached."

The attachment is called document.zip and, according to security researchers from email and web security vendor AppRiver, it contains a version of Bredolab.

Bredolab is a trojan downloader commonly used as a malware distribution platform. In this case, it installs a backdoor on the PC through which attackers can deploy even more threats.

In order to trick users into believing they are dealing with a document, the executable found inside the .zip archive bears a PDF icon.
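The PDF icon is only a resource embedded in the executable, so a mail filter has to look at the archive members themselves rather than at how they are displayed. The following is an added example, not code from the article or from AppRiver: a check that opens a zip attachment in memory and flags members that start with the Windows executable signature or carry an executable extension. The member names, the extension list and the sample archives are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def find_executables(zip_bytes):
    """Return [(member_name, reason), ...] for archive members that are programs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted member: the content cannot be read without the password.
                findings.append((info.filename, "encrypted member, content not inspected"))
                continue
            with archive.open(info) as member:
                magic = member.read(2)
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if magic == b"MZ":
                # Content wins over the name: a renamed program is still a program.
                findings.append((info.filename, "PE/DOS header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension " + ext))
    return findings


def build_sample(members):
    """Build an in-memory zip from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless bytes that only carry the relevant file signatures.
SUSPICIOUS = build_sample({"document.exe": b"MZ" + b"\x00" * 62})
RENAMED = build_sample({"questions.pdf": b"MZ" + b"\x00" * 62})
BENIGN = build_sample({"questions.pdf": b"%PDF-1.4\n%%EOF\n"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, find_executables(blob))
```

Checking the first bytes of each member catches a program that has been given a document extension, which a name-only rule would miss.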

"Its intent is to slip past your human defenses and create a permanent backdoor on your PC in order to further download malicious payloads such as keyloggers and spyware," notes AppRiver security researcher Fred Touchette.

The FBI and its senior officials have been impersonated in the past, but mostly in advance-fee or identity theft scams. For example, emails purporting to come from FBI Director Robert Mueller convinced a woman to send over $400,000 to Nigerian scammers over the course of two years.

Of course, most people would probably realize the FBI doesn't perform investigations over email. It has the resources to come and ask whatever questions it might have in person.

Users are advised to always validate suspicious claims made in emails by organizations or government agencies by calling them over the phone.