WATCH OUT FOR EMAIL CONTAINING MALWARE. DO NOT OPEN OR CLICK ON THE LINK IF YOU RECEIVE THE EMAIL
Date: Wed, 7 Dec 2011
From: “::Better Business Bureau::” [risk.manager@bbb.org]
Subject: Complaint from your customers
Attachments: bbb_logo.jpg
Hello,
The Better Business Bureau has been filed the above mentioned complaint from one of your customers concerning their dealings with you.
The detailed information about the consumer’s concern is included in enclosed document.
Please review this case and advise us of your standpoint.
We kindly ask you to click here to reply this complaint.
We look forward to your urgent reply.
Sincerely yours,
Roland Dani
Better Business Bureau
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
A link in the email goes to a legitimate but hacked site, from which users are forwarded to billycharge.com on 79.137.237.63. This IP is on Digital Networks CJSC in Russia (aka DINETHOSTING), a wholly black hat operation – you should block access to 79.137.224.0/20 if you haven’t already done so. The Wepawet report is here, and VT shows 0/43 detections for the exploit page, although the downloaded malware should tickle at least some scanners.
Some other subjects and senders being used in this spam:
- BBB assistance Re: Case # [random number]
- BBB Complaint activity report
- BBB processing
- BBB service Re: Case # [random number]
- Better Business Bureau Case # [random number]
- Complaint from your customers
- Please review your customer’s complaint
- Re: BBB Case # [random number]
- Re: Case # [random number]
- Your customer’s complaint
- Your customer’s concern
Senders:
- admin@bbb.org
- alert@bbb.org
- alerts@bbb.org
- info@bbb.org
- manager@bbb.org
- risk.manager@bbb.org
- risk@bbb.org
- service@bbb.org
- support@bbb.org
After getting 3 of these mails I decided to Google to see if they were spoofs etc. I would like to thank the author of the blog http://blog.dynamoo.com/2011/12/malware-bbb-complaint-from-your.html for drawing the matter to everyone’s attention. Please pass this on in the hope that fewer people will get caught out by these criminals.
I looked at the originating IP address in the header and it showed it was coming from London UK, so these criminals seem to be placed not just in one place.
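For mail and proxy administrators, the indicators above can be turned into a quick triage check. This is an added example, not code from the original post or from the blog it credits; the proxy log layout and the sample data are assumptions constructed for illustration, and since the sender addresses are spoofed, a match on mail means "look closer", not a verdict.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

BLOCKED_NET = ipaddress.ip_network("79.137.224.0/20")  # range the post says to block
LANDING_HOST = "billycharge.com"                        # redirect target named in the post
# Patterns generalised from the subject list in the post ("." matches ' or ’).
SUBJECT_RE = re.compile(
    r"\bBBB\b|Better Business Bureau|customer.s (complaint|concern)"
    r"|complaint from your customers|^(re: )?case # ?\d+", re.I)

def is_campaign_mail(raw):
    """True when a message claims a bbb.org sender and uses a campaign subject."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    return (addr.lower().endswith("@bbb.org")
            and bool(SUBJECT_RE.search(msg.get("Subject", ""))))

def clicked_through(proxy_lines):
    """Return (client, host, dest_ip) for requests that reached the landing site.
    Assumed log format: "<client_ip> <dest_host> <dest_ip> <path>"."""
    hits = []
    for line in proxy_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client, host, dest = parts[0], parts[1].lower(), parts[2]
        try:
            in_net = ipaddress.ip_address(dest) in BLOCKED_NET
        except ValueError:
            in_net = False  # unresolved or malformed field: fall back to hostname
        if in_net or host == LANDING_HOST or host.endswith("." + LANDING_HOST):
            hits.append((client, host, dest))
    return hits

# Constructed samples, not taken from real traffic.
SAMPLE_MAIL = ('From: "Better Business Bureau" <risk.manager@bbb.org>\n'
               "Subject: Complaint from your customers\n\nHello,\n")
SAMPLE_LOG = [
    "10.0.0.5 billycharge.com 79.137.237.63 /",
    "10.0.0.6 intranet.example 192.0.2.10 /home",
    "10.0.0.7 unknown.example 79.137.230.10 /x",
    "10.0.0.8 www.billycharge.com - /",
]

if __name__ == "__main__":
    print("campaign mail:", is_campaign_mail(SAMPLE_MAIL))
    for hit in clicked_through(SAMPLE_LOG):
        print("investigate client:", hit)
```

Any client returned by `clicked_through` followed the link as far as the landing site and should be checked for infection.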


December 7, 2011 at 3:49 pm
Looks like we got three, one from:
Vienna 62.178.181.251
Russia 109.202.19.18
Portugal 217.129.242.24
December 7, 2011 at 4:21 pm
Thank you for your comment. I can’t understand why anyone in their right mind would want to be so spiteful. What is the reason? Please tweet this blog and let as many people as possible know about this malware to at least help prevent some people from getting caught.
December 7, 2011 at 2:33 pm
Thanks for the info!