Sponsored by..

Tuesday 20 December 2011

BBB Spam / blumtam.com

More BBB spam, this time attempting to deliver users to a malicious payload on blumtam.com. A couple of samples:

Date:      Tue, 20 Dec 2011 00:34:38 -0800
From:      "BBB" [alerts@bbb.org]
Subject:      Re: your customer�s complaint ID 82235322
Attachments:     betterbb_logo.jpg

Attention: Owner/Manager

Here with the Better Business Bureau would like to inform you that we have been sent a complaint (ID 82235322) from a customer of yours in regard to their dealership with you.

Please open the COMPLAINT REPORT below to obtain the details on this case and let us know of your position as soon as possible.

We hope to hear from you shortly.

Kind regards,

Fernando Grodhaus

Dispute Counselor
Better Business Bureau


Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
and
Date:      Tue, 20 Dec 2011 11:09:23 +0200
From:      "BBB" [alerts@bbb.org]
Subject:      BBB case ID 59988329
Attachments:     betterbb_logo.jpg

Hello,

Here with the Better Business Bureau would like to notify you that we have been filed a complaint (ID 59988329) from a customer of yours related to their dealership with you.

Please open the COMPLAINT REPORT below to view more information on this matter and let us know of your opinion as soon as possible.

We are looking forward to hearing from you.

Faithfully,

Theresa Morris

Dispute Counselor
Better Business Bureau


Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Payload is on blumtam.com/main.php?page=69dbd5a1e3ed6ae9 hosted on 78.47.198.36, a Hetzner AG address suballocated to an outfit called QHoster Ltd in Bulgaria. Blocking access to 78.47.198.32/29 would probably be prudent.

9 comments:

ona said...

Thanks for this--just got one of these and decided to do a quick search before "clicking the link." You provided a VERY helpful service today!

Ona

Billy said...

We received the same notice today. i thought it was suspicious after looking at the address of the link the email was instructing me to open. link was to lachacbraque.fr address. i googled that address and it turns out to be some chalet for rent in France. then i searched some more and found this post. thank you so much for posting!

TAD said...

I received this e-mail today also. Googled it and found your blog. Thanks for comfirming what I thought!

Donald Williamson said...

It's still going on. i received mine today.

LucyLee said...

I received one of these today on work computer. I Goggled the persons name and reached this blog. Thanks for being a watchdog.
LucyLee

Nina said...

I recieved this same email today at my work address and decided to google the name since it seemed fishy.
I came across this blog listing the email as spam.
Thanks for posting and warning all of us!

Andrea said...

Okay, it's still out there. I received several e-mails today and yesterday, but didn't really want to click on the link it mentioned. Thank you for posting this warning. Very helpful.

KDJ said...

it is still out there. i just got one today and searched it out and here was your message informing me that it was spam. thanks!

KDJ said...

it's still out there. got the same email as posted in your blog and luckily i searched it out before clicking on any link as it was noted as spam in my system.
thanks!