PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Thursday, May 24, 2007 11:12 AM PT Posted by Erik Larkin

Targeted Attack Hitting Businesses With Fake BBB E-mail

A well-crafted targeted malware attack in the guise of a Better Business Bureau complaint is spreading to businesses via e-mail.

In the blog for antispyware-maker Sunbelt, Alex Eckelberry posted an example of an attack message his company received yesterday. The e-mail purported to come from 'Better Business Bureaus [operations@bbb.org]' and appeared to describe a complaint from a 'Robert Davis,' but in fact carried a malware payload.

Unlike many such attacks, the e-mail was well-written, without the frequent misspellings and other hallmarks of fake e-mails.

What's worse, the e-mail was addressed to an actual Sunbelt employee, and the attached malware payload evaded most antivirus programs. In results Eckelberry posted from a Virustotal.com scan, only 6 programs out of 31 gave any sort of warning. The malware is designed to steal data, according to Eckelberry.

As a security company, Sunbelt is likely more subject to attack than the average company. But targeted attacks have been used for some time, and are reportedly growing more common.

The careful e-mails and use of actual employee names give the attacks a better chance of succeeding against a particular target than the cast-a-wide-net blast approach used for many attacks. Also, attackers may create a new malware variant unknown to antivirus programs specifically for the targeted attack.

This particular e-mail assault appears to be based on a similar, but more general message Eckelberry linked to that was used previously in other attacks. The targeted attack replaces a 'Dear Business Owner' salutation with the actual employee's name.

Comments

Over-reacting to SPAM. Are we throwing out the baby with the bathwater? I have an incredible and low tech answer to SPAM. It is called the DELETE button. You can learn to use it in 1 simple lesson.

I mean SPAM is really about feeling neglected. Ping goes your PC, WOW someone loves me, they have sent me an email, and then disappointment. It is only an advert for viagra.

Meanwhile, it is now estimated that 20% of legitimate emails are blocked and all because, 'Nobody loves ya baby'.

acerview
May 24, 2007
12:30 PM PT

to: antimac 2004. Don't you get it? They are advertising a 'FREE' gift card. Last time I checked, Free means you don't pay for it. Free means $30 free and clear. And if you bothered reading my comments, I paid $129.99, not $99.99. If the card had been 'free', they would have refunded what I paid, $129.99. If they're afraid of scammers, they shouldn't punish everyone. The gift card is the bait, but if you return it, then they pull the 'switch'.

thom57
May 26, 2007
8:32 PM PT

I think you are the one who doesn't get it... If you had returned the card, u would have gotten a full refund. Not cause you paid $30 for the card and $99 for the item. They do it that way to make sure you return the card unused. Why should you (anyone, not just you) get a free $30 gift card if u don't keep the purchased item? It's just the way the computer is set up to ring up merchandise. It is a way of keeping track of inventory (both the item and the gift card). This is very common practice in retail, so don't feel ripped off, just take back the gift card, and you should get a full refund. I've worked in retail for 20 years, and the way the receipts print things often doesn't appear to make any sense, but what matters is the bottom line: what the amount of the credit back to your credit card is, and if the gift card goes back, your total credit will be the same amount as the purchase. Remember this is the way they keep track of the dollar amount of the gift cards that go out the door.

kathyget
May 27, 2007
12:45 AM PT