FBI says you’ve been visiting illegal websites? It’s a malware attack

Cybercriminals have spammed out a malicious attack, posing as a notification from the FBI that you have been visiting illegal websites.

Illegal websites email claiming to come from the FBI

A typical message reads as follows:

Subject: You visit illegal websites
Attached file: Document.zip

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:
Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached.

If you make the mistake of running the program in the attached ZIP file, you’ll find that your computer is hit with a fake anti-virus attack – designed to scare you into handing over your credit card details.

Sophos products intercept the email messages as spam, and also detect the attachment as Mal/Bredo-K and Troj/BredoZp-DM.

Of course, if you have your wits about you you would realise that the email looks very suspicious in the first place. But there’s always the danger that some folks will be so worried that the FBI believes they might have been visiting naughty websites, that they’ll click on unsolicited email attachments without thinking.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.