Home / mailingsPDF  

WSLabs, Malicious Web site / Malicious Code: Better Business Bureau Scam Updated

Posted on 29 August 2007
Websense Security Lab

Websense® Security Labs(TM) has received reports of a new variant of an email attack that was originally launched early this year. The spoofed email purports to be from the Better Business Bureau (BBB). The message claims that a complaint has been filed against the recipient's company.

Previously, the email attack contained an attachment that the victim would need to open in order to become infected. The new variant is slightly different.

The new message uses a tactic employed by other, more-successful email attacks, such as the recent Storm worm. Instead of including an attachment in the email, the body of the email contains a link to an external Web site from which the payload is downloaded if the link is accessed. This method allows the attack to bypass many attachment filters at the email gateway.

Link to our previous BBB alert:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=777

Sample email:

-From: [removed]@bbb.com
-Sent: Tue 8/28/2007 8:54 PM
-To: [removed]
-Subject: BBB Complaint for [removed] [Case id: #[removed]]

Dear Mr./Mrs. [removed] ([removed] Inc.)

You have received a complaint in regards to your business services.
Use the link below to view the complaint details:

CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #[removed]

[URL removed]

Complaint Case Number: 1A58FF
Complaint Made by Consumer Mrs. Marcia E. Worthington
Complaint Registered Against: [removed] of [removed] Inc.
Date: 05/14/2007/

Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:

CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #[removed]

[URL removed]

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=801

 

TOP