Once the email attachments or links are accessed, a "backdoor" is opened for the crooks

Apr 5, 2012 08:51 GMT

Some time ago we reported that a malicious email purporting to originate from the Better Business Bureau (BBB) was landing in inboxes, urging recipients to download an alleged complaint that in reality contained a nasty piece of malware. As it turns out, there are already a number of victims, one of which lost $100,000 (€75,000).

According to the Internet Crime Complaint Center (IC3), the agency has received over 40 complaints, one of them from an organization that claims to have lost the large amount after the malware that came attached to the email allowed the crooks to wire the money from the firm’s bank account.

It turns out that this was possible because of a keylogger that installed itself on the system when the attachment was opened and executed. The piece of malware recorded the company’s banking password, giving the fraudsters the opportunity to easily transfer the money to their own accounts.

Security experts found that some variants of the malicious notifications carry a link that redirects users to compromised WordPress sites that host the BlackHole Exploit Kit, which looks for vulnerabilities in the system with the purpose of pushing the Cridex worm.

The BBB issued an alert regarding the phony emails in December 2011, advising internet users to ignore the emails even if they appear to be sent from a legitimate email address, such as “riskmanager.bbb.org.”

The IC3 reports that other malicious notifications are currently making the rounds. One of them claims to come from a utility company and has a bill attached. The so-called bill is actually a zip file that holds a virus.

The government organization also advises internet users to be on the lookout for moving company schemes. Apparently, a number of them, unconnected to one another, rely on counterfeit checks or hidden fees.
