Today we have also detected significant activity related to fake e-mail messages that claim to be from #bbb (#better business bureau) sent from spoofed email address.
In this example, the subject of the email is “BBB SBQ Form #212313267(Ref#13-212313267-0-4)“.
And here is the text message copied from the email:
Thank you for supporting your Better Business Bureau (BBB).
As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.
We encourage you to print this SBQ Form, answer the questions and respond to us. (self-extracting archive, #adobe pdf)
Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.
Thank you again for your support, and we look forward to receiving this updated information.
Sincerely,
Accreditation Services
In the email there is also an attachment named “#bbb sbq form.zip“, when extracted will produce a file named “#bbb sbq form.exe” with the icon as a PDF file. Indeed, the attacker is trying to convince his victim by said on the email that the file is a self-extracting archive and Adobe PDF.
Currently, the VirusTotal scan results are not pretty good, only 19 of 45 antivirus engines are detect this malware. Mostly detected generically or detected by heuristic engine. So there’s no exact detection name yet at the moment. However, we have checked and verified that the file is actually a virus which is a variant of the #trojan spy #zbot or #zeus.
If you receive similar spam or phishing emails, don’t hesitate to share with us in comments.
