Websense Spam Campaign Using BBB Name
ThreatSeeker Network, Websense Security Labs, has identified the spam campaign, which uses social engineering methods to attract users to click on a link for the latest software and confirm contact details.
The security company says that several mails were sent. From appearance, these mails give an impression that the same hacker has sent them who attacked Bank of America customers, Royal Bank of Scotland, Wachovia and many others.
The security experts at Websense informed that the mail is a typical one and directs the user for new modifications in the security updates and they should install a BBB company certificate.
The mail has the subject line 'Attention Better Business Bureaus Consumers', and asks both old and new BBB consumers to click an attached link to download the latest software and confirm contact details.
Also, the link directs the user to a fake page of BBB wherein downloading of the 'certificate' called 'TrustedBBCCertificate.exe' will download a Trojan installer. When conducted, it directs the user to another harmful domain where a fake Web page is hosted. This new domain is meant for the 'Certificate Registration'.
The security experts also added that this page carries several options for the users to surf the database of the firm- either by database, phone or URL. Further, the site also convinces the users to install the certificate again.
Further, the BBB claims that the businesses started getting fake mails on October 21, 2008. It is advised that if any user gets any unsolicited mail, it should be erased immediately so that no virus or spyware can be installed.
Also, Chief Executive of BBB, Robert W.G Andrew, said that the mails and messages are the components of large phishing scam attacking the reputed name of BBB to attract users to open mails and click on links, as reported by OregonLive on October 23, 2008.
Further, BBB advises users to forward the inauthentic mails to firstname.lastname@example.org so that it can be sent to Electronic Crimes Task of US Secret Service for more inspection.
Related article: Websense Discovered Malicious Social Networking Spam Campaign
» SPAMfighter News - 05-11-2008