Hundreds of thousands of spam messages are sent out every hour

Sep 25, 2012 06:58 GMT

The name and reputation of the Better Business Bureau have been used in spam campaigns for quite some time now, but every once in a while security researchers feel obligated to write about them because the campaigns are constantly being improved and are becoming more and more dangerous.

Carrying subject lines such as “BBB Case #123543” or “BBB Complaint activity report,” the cleverly designed emails originate from various email addresses, most likely in an attempt to avoid being detected by spam filters.

Here’s what some of the emails look like:

Dear business owner, we have received a complaint about your company possible involvement in check cashing and Money Order Scam.

You are asked to provide response to this complaint within 7 days. Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.

Complaint ID#793354020

Websense solutions have been blocking hundreds of thousands of phony BBB messages each hour. Experts report that the links they contain lead victims, via multiple redirection paths, to the recently launched BlackHole 2.0 exploit kit.

Websense isn’t the only security firm that has intercepted a large number of such emails. Experts from MX Lab also analyzed them and they identified a second version that’s currently being sent out.

Entitled “BBB – Read Your Customer Review,” the shady messages look something like this:

One of your customers has submitted a review of your company.

The Customer Review has NOT yet been posted in your BBB Business Review. You can read the Customer Review and at your option provide a comment by logging into your BBB account.

Please login and use the link below. http://www.bbb.org/boston/login/504/

Your BBB ID: 84167 Your emails is: [email protected]

The text might be different, but the redirection path is similar. Also, the exploit kit that’s being used to push malware is the same BlackHole 2.0.