Websense has detected a new round of ‘Better Business Bureau' spam emails.
The Websense Security Labs ThreatSeeker Network has identified the spam which uses social engineering tactics to entice readers to follow a link in the message in order to ‘register new software and update contact information'.
It claimed that tens of thousands of messages had been sent, and from appearance, looks like it has been sent by the same phishers who targeted customers of the Bank of America, Wachovia, Royal Bank of Scotland and others.
The email is a standard email message that informs the recipient of an enhancement with new security measures, and that they need to download a ‘BBB company certificate'.
The link takes the user to a copy of the BBB page where a download of the ‘certificate' named ‘TrustedBBBCertificate.exe' will install a Trojan downloader. When executed, it takes the user to another web page, which is hosted on another malicious domain, for the ‘Certificate Registration'.
On this page various options are given to the user to search the company database – either by phone, database or URL – and the site will also try to get the victim to download the certificate once again.
Websense has warned against this new campaign, and advised that Websense Messaging and Web Security Customers are protected against this threat.
The Websense Security Labs ThreatSeeker Network has identified the spam which uses social engineering tactics to entice readers to follow a link in the message in order to ‘register new software and update contact information'. It claimed that tens of thousands of messages had been sent, and from appearance, looks like it has been sent by the same phishers who targeted customers of the Bank of America, Wachovia, Royal Bank of Scotland and others. The email is a standard email message that informs the recipient of an enhancement with new security measures, and that they need to download a ‘BBB company certificate'. The link takes the user to a copy of the BBB page where a download of the ‘certificate' named ‘TrustedBBBCertificate.exe' will install a Trojan downloader. When executed, it takes the user to another web page, which is hosted on another malicious domain, for the ‘Certificate Registration'. On this page various options are given to the user to search the company database – either by phone, database or URL – and the site will also try to get the victim to download the certificate once again. Websense has warned against this new campaign, and advised that Websense Messaging and Web Security Customers are protected against this threat.
See original article on scmagazineus.com