In the attack, users receive an email stating that a complaint has been filed against them with the Better Business Bureau and details of the complaint are included in a zip file attached to the email:
Subject: BBB assistance Re: Case #508067
From: Better Business Bureau (firstname.lastname@example.org)
Thu, 10 May 2012 17:40:47 +1200
Herewith the Better Business Bureau informs you that we have been sent a
complaint (ID ) from a customer of yours in regard to their dealership with
Please open the COMPLAINT REPORT below to findthe details on this question
and suggest us about your position as soon as possible.
We hope to hear from you shortly.
Better Business Bureau
The attached file, named “BBB report.zip”, contains malware that Microsoft Security Essentials detects as Gamarue.F, the same piece of malware currently being spread by DHL spam.
Once Gamarue.F infects your machine, it will edit the Windows registry to make sure it runs at system startup, connect to remote servers to download additional arbitrary files, and copy itself to removable drives.
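As an added example (not from the original post or from the BBB), here is a mail-gateway style check in Python for the pattern described above: a sender display name claiming to be the Better Business Bureau, plus a zip attachment that carries an executable. The `bbb.org` trusted domain, the extension list, the sender address and the archive member name are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this example: extensions treated as executable, and bbb.org
# as the only domain accepted for mail whose display name claims to be the BBB.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
CLAIMED = "better business bureau"
TRUSTED_DOMAIN = "bbb.org"

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message should be quarantined (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if CLAIMED in display.lower() and not (
            domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)):
        reasons.append(f"display name claims BBB but sender domain is {domain!r}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
        except zipfile.BadZipFile:
            reasons.append(f"{name}: unreadable zip archive")
            continue
        for member in members:
            if member.lower().endswith(EXEC_EXT):
                reasons.append(f"{name}: contains executable {member!r}")
    return reasons

def build_sample() -> bytes:
    """Constructed message shaped like the one quoted above; payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BBB report.exe", b"inert placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "BBB assistance Re: Case #508067"
    msg["From"] = "Better Business Bureau <sender@mailer.example>"
    msg.set_content("Please open the COMPLAINT REPORT below.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="BBB report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

Matching on file extension only catches the simplest packaging; it complements antivirus scanning at the gateway and does not replace it.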
What Should You Do if You Receive a BBB Phishing Email?
The Better Business Bureau has offered the following advice to anyone who receives an email that looks like it is about a BBB complaint:
- Avoid clicking on any links or file attachments.
- Read the email carefully to pick up on any signs that it may be fake: poor grammar, spelling mistakes or use of generic greetings such as “Dear member” instead of your actual name.
- Delete the email from your computer completely by hitting the "delete" button and emptying your computer’s “trash can” or “recycling bin.”
- Keep your antivirus software current and run a full system scan.
- Contact your local BBB office if you’re not sure whether or not the email is authentic.
- Forward the email to the BBB’s security team at email@example.com. (Note: There’s no reason to resend the email if you receive a “bounce” message.)
Have you received any BBB spam?