February, 2008

A new round of targeted attacks disguised as an email from the Better Business Bureau is designed to drive unsuspecting users to a website where they are infected with malware. The new attacks, which are similar to those used in mid- and late-2007, are more targeted than before, and reference the recipient’s name and company. Emails used in this attack include the title “BBB Complaint Case” in the subject line, and encourage the recipient to download and print a copy of the complaint, a step that completes the attack on the web.
The link in the email appears to be hyperlinked to the BBB website, but a mouse-over on the link shows that it connects to another site. Clicking on the link redirects users to a third URL which hosts a spoofed website of the BBB. The user is presented with a BBB page, but the address bar will indicate a non-BBB URL. The page asks users to download an ActiveX Control in order to use the page by clicking on a highlighted link. Clicking on the link triggers a download of malware onto the user’s system.
Unlike previous threats, users must click on the link to activate the malware download. However, the attack can easily be modified to take advantage of known browser exploits and trigger an automatic download. Therefore, it’s recommended that users do not click on any links in the email to visit questionable sites.
Because it is a targeted attack, this type of malware attack is not blocked by filters looking for high-volume attacks. In addition, the attack circumvents traditional anti-virus methods by shifting the attack to the web, thereby avoiding signature-based AV gateways.
Anyone who receives an email from the Better Business Bureau and wishes to investigate the claim should visit the BBB site directly from their browser by typing in www.bbb.org.