The name and reputation of the Better Business Bureau have been abused in spam campaigns for quite some time, but every so often security researchers feel obligated to write about them again because the campaigns are constantly being improved and are becoming more dangerous.
Carrying subject lines such as “BBB Case #123543” or “BBB Complaint activity report,” the cleverly designed emails originate from various email addresses, most likely in an attempt to avoid being detected by spam filters.
Here’s what some of the emails look like:
Dear business owner, we have received a complaint about your company possible involvement in check cashing and Money Order Scam.
You are asked to provide response to this complaint within 7 days.
Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.
Websense solutions have been blocking hundreds of thousands of phony BBB messages each hour. Experts report that the links they contain lead victims, via multiple redirection paths, to the recently launched BlackHole 2.0 exploit kit.
Websense isn’t the only security firm that has intercepted a large number of such emails. Experts from MX Lab also analyzed them and identified a second version that’s currently being sent out.
Entitled “BBB – Read Your Customer Review,” the shady messages look something like this:
One of your customers has submitted a review of your company.
The Customer Review has NOT yet been posted in your BBB Business Review.
You can read the Customer Review and at your option provide a comment by logging into your BBB account.
Please login and use the link below.
Your BBB ID: 84167
Your emails is: firstname.lastname@example.org
The text might be different, but the redirection path is similar. Also, the exploit kit that’s being used to push malware is the same BlackHole 2.0.
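A mail-filter check built on the traits described above (the quoted subject lines, senders that vary from message to message, and links that lead away from the BBB), as an added example that is not from the article or from either vendor. It assumes bbb.org is the only genuine BBB domain; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject patterns taken from the lures quoted in the article.
SUBJECT_RE = re.compile(
    r"BBB\s+(Case\s+#\d+|Complaint activity report|[-\u2013]\s+Read Your Customer Review)",
    re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
LEGIT_DOMAIN = "bbb.org"  # assumption: the only domain treated as genuine BBB

def in_domain(host, domain=LEGIT_DOMAIN):
    """True for the domain or a real subdomain, not look-alikes such as bbb.org.x.example."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def score_message(raw):
    """Return the reasons a raw RFC 822 message looks like a BBB-themed lure."""
    msg = message_from_string(raw)
    reasons = []
    if not SUBJECT_RE.search(str(msg.get("Subject", ""))):
        return reasons  # not BBB-themed, nothing to check
    sender_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not in_domain(sender_host):
        reasons.append("sender-domain:" + sender_host)
    body = ""
    for part in msg.walk():  # collect every text part, single-part or multipart
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not in_domain(host):
            reasons.append("off-domain-link:" + host)
    return reasons

# Constructed sample messages (not real captures).
SAMPLE_LURE = ("From: alerts@mail-notify.example\n"
               "Subject: BBB Case #123543\n\n"
               "Respond within 7 days: http://bbb.org.complaints.example/case?id=1\n")
SAMPLE_CLEAN = ("From: info@bbb.org\n"
                "Subject: BBB Complaint activity report\n\n"
                "See https://www.bbb.org/ for details.\n")

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("clean", SAMPLE_CLEAN)):
        print(name, score_message(raw))
```

The From header is trivially forged, so a lure that spoofs a bbb.org sender is caught only by the link check. The flagged host is just the first hop of the redirection path, which makes it a blocking point before the exploit kit is ever reached.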