Websense® Security Labs™ has received reports of a new email spam variant similar to an attack launched early this year. The spoofed email purports to be from the Better Business Bureau (BBB). The message claims that a complaint has been filed against the recipient’s company. Attached to the message is a Microsoft Word document (Document_for_Case.doc), supposedly containing additional details regarding the complaint. The Word document actually contains a Trojan Downloader that, when opened, attempts to download and install a keylogger. This keylogger uploads stolen data to an IP address in Malaysia.

Sample Email Body:

From: Better Business Bureaus [mailto:operations@bbb.org]
Sent: Wednesday, May 23, 2007 7:39 PM
Subject: Complaint Case Number XXXXXXXXXX

Dear Mr./Mrs. XXXXXXXXXX XXXXXXXXXX

You have received a complaint in regards to your business services. The complaint was filled by Mr. Mark Williams on 5/21/2007

Complaint Case Number: XXXXXXXXXX
Complaint Made by Consumer Mr. Mark Williams
Complaint Registered Against: XXXXXXXXXX
Date: 5/21/2007
Instructions on how to resolve this complaint as well as a copy of the original complaint are attached to this email.

Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
- Claims based on product liability;
- Claims for personal injuries;
- Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.
The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.

© 2003 Council of Better Business Bureaus, Inc. All Rights Reserved.

Sample Email Screenshot:

Original BBB Alert: http://orwwa.bbb.org/release.html?value=61
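The indicators described in this alert (a sender claiming bbb.org, a "Complaint Case Number" subject, and a Word attachment named Document_for_Case.doc) can be checked at the mail gateway. The following is an added example, not code from Websense or the BBB; the function names, indicator labels and sample messages are constructed for illustration, and the attachment check also looks for the legacy Word (OLE2) file signature so that a renamed attachment is still caught.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # signature of legacy .doc (OLE2) files
SUBJECT_RE = re.compile(r"complaint case number", re.I)

def bbb_lure_indicators(raw: bytes) -> list[str]:
    """Return the indicators from the alert that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    from_hdr = msg["From"]
    addrs = from_hdr.addresses if from_hdr else ()
    # The From header is attacker-controlled; this records the claim, not the origin.
    if any(a.domain.lower() == "bbb.org" for a in addrs):
        hits.append("from-claims-bbb.org")
    if SUBJECT_RE.search(str(msg["Subject"] or "")):
        hits.append("complaint-subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Match on extension or on content, so a renamed document is not missed.
        if name.endswith(".doc") or data.startswith(OLE_MAGIC):
            hits.append("word-attachment")
            if name == "document_for_case.doc":
                hits.append("known-filename")
            break
    return hits

def should_quarantine(raw: bytes) -> bool:
    """Hold mail that pairs a Word attachment with either BBB lure trait."""
    hits = bbb_lure_indicators(raw)
    lure = "from-claims-bbb.org" in hits or "complaint-subject" in hits
    return "word-attachment" in hits and lure

def build_sample(sender, subject, filename=None, payload=b"") -> bytes:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Dear Mr./Mrs. XXXXXXXXXX")
    if filename:
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

LURE = build_sample("Better Business Bureaus <operations@bbb.org>",
                    "Complaint Case Number XXXXXXXXXX",
                    "Document_for_Case.doc", OLE_MAGIC + b"\x00" * 16)
```

A match is a reason to hold the message for review, not proof of malice, since genuine BBB correspondence could share these traits.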

Comments

  1. Dan Veasey on May 25, 2007 7:58 am

    I received this yesterday. It looked like a very good spoof. The only giveaway I had was that it was in regards to a credit union that I worked for 10 months ago and that I did not recognize the name of the fake person filing the complaint. Suspecting it was a virus, I had Yahoo Mail scan it and, upon finding no virus, I went ahead and downloaded it. Fortunately my PC’s virus scanner caught the malicious file and denied access to it.

    Upon visiting the real BBB.org site I found that they have a searchable database of complaints. It was very good and it actually did find a real complaint against my former employer that was resolved. No private names listed except the name of the manager at the credit union who replied to the complaint.