Recent Posts

Community

Email Notifications

Personal Links

Archives

Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

New Targeted Attacks - Appear to come from Better Business Bureau complaints

Email A new series of these continuing attacks have been sent to company executives. While they appear to be authentic, the BBB, government agencies, or banks never perform official business via email (or when in doubt, always call the sender first to ensure it's from them)

BBB Case #947344536
http://www.f-secure.com/weblog/archives/00001431.html

QUOTE:  We're seeing some new BBB trojan attacks going around. This attack method is well-known and has been occurring for months: A high-level executive inside an organization receives an e-mail that mentions a complaint supposedly made to the Better Business Bureau (USA). The e-mail appears to be credible and links to a site in order to download the complaint. The download claims to require IE and ActiveX in order to succeed. Once ActiveX is enabled, the sites drops a backdoor on the system.  This would be fairly convincing to most recipients, especially since the real company and individual names are used.

Example of the new email scam
http://www.f-secure.com/weblog/archives/bbb0.png

Posted: May 06 2008, 08:52 PM by Harry Waldron | with no comments