Fake BBB E-mail Produces Malicious Software: Webroot
According to researchers from Webroot the security company, one large-scale spam outbreak that masquerades as BBB (Better Business Bureau) has been seen circulating online, globally.
The spurious electronic mail addressing the recipient tells him that BBB is informing him about certain pretension (ID) the agency received from one client he catered to regarding its dealership with him. The recipient is urged to go through a given COMPLAINT REPORT for gaining additional details regarding the case as well as give his opinion on it at the earliest. An URL is provided where he requires keying in his complaint ID so he can do the reviewing. The e-mail, then indicating the agency's eager waiting for an early reply, concludes courteously while signing off from Dispute Advisor, Ko Lee of BBB.
However, if anyone presses on the URL, he'll most unfortunately land on some different page that rather than give the report infects him with client-side malicious programs or exploits.
Here Independent Security Consultant Dancho Danchev who is also Cyber Threats Analyst with Webroot shares that though he could not get the original malware via the spam attack, he thinks it important to show that the perpetrators made use of the identical attack means that they did during the earlier waged malware assaults they alone had launched. Furthermore, he says that the mentioned malware laced URLs as well were hosted on the same 18.104.22.168 Internet Protocol, thus reports HELP NET SECURITY dated November 15, 2012.
It's also worth mentioning that repeatedly, the logo and name of BBB have been misappropriated within likewise malware e-mails during the last few months. Usually these e-mails assert about complaints being made vis-à-vis the recipients. A few e-mails advise recipients to view a file attachment instead of following any web-link, nonetheless, irrespective of either, the recipients end up getting malware.
Meanwhile, owing to the above kinds of scams, BBB posts online that anyone getting an e-mail from these malicious campaigns shouldn't follow its web-links alternatively view its attachments. Moreover, incase of doubt if the complaint is real or not, the user must contact his area office of BBB straight away.
Related article: Fake-mails Troubling Credit Union Customers
» SPAMfighter News - 21-11-2012