Some sample emails (the usual fake BBB approach):
Date: Tue, 23 Jan 2012 11:51:58 +0100
From: "BBB" [info@bbb.org]
Subject: Better Business Bureau service
Attachments: betterbb_logo.jpg
Attn: Owner/Manager
Here with the Better Business Bureau would like to inform you that we have received a complaint (ID 23387543) from your customer with respect to their dealership with you.
Please open the COMPLAINT REPORT below to find the details on this question and suggest us about your position as soon as possible.
We hope to hear from you very soon.
Sincerely,
Rebecca Wilcox
Dispute Counselor
Better Business Bureau
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
==============
Date: Tue, 23 Jan 2012 12:16:00 +0100
From: "Better Business Bureau" [risk.manager@bbb.org]
Subject: Re: your customer's complaint ID 83031311
Attachments: betterbb_logo.jpg
Hello,
Here with the Better Business Bureau notifies you that we have received a complaint (ID 83031311) from one of your customers in regard to their dealership with you.
Please open the COMPLAINT REPORT below to obtain the details on this question and suggest us about your point of view as soon as possible.
We hope to hear from you very soon.
Regards,
Fernando Grodhaus
Dispute Counselor
Better Business Bureau
The malware tries to download further code from sulusity.com on 209.59.220.65 (Endurance International Group, US), so that is another one to block. A Wepawet analysis is here.
Update #1: another version is doing the rounds with the initial malware hosted on chillebucks.com (69.163.37.22, Bula Networks California).
Update #2: The Wepawet analysis indicates that this might do something with the user's Facebook account as well as the usual malware payload.
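An added example (not code from the original post): a mail-triage check built from the traits the two samples share, namely a From address at bbb.org, a numbered complaint, the "COMPLAINT REPORT" lure and the betterbb_logo.jpg attachment. The raw messages are constructed, and the trait names, the `build` helper and the threshold of three are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Matches "complaint (ID 23387543)" and "complaint ID 83031311".
COMPLAINT_ID = re.compile(r"complaint\s*\(?ID\s*(\d+)\)?", re.IGNORECASE)

def campaign_traits(msg):
    """Return which traits shared by the two samples this message shows."""
    traits = set()
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.lower().endswith("@bbb.org"):  # sender address is trivially spoofed
        traits.add("from_bbb_org")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if COMPLAINT_ID.search(str(msg.get("Subject", "")) + "\n" + body):
        traits.add("complaint_id")
    if "COMPLAINT REPORT" in body:
        traits.add("complaint_report_lure")
    names = {(p.get_filename() or "").lower() for p in msg.iter_attachments()}
    if "betterbb_logo.jpg" in names:
        traits.add("logo_attachment")
    return traits

def is_suspect(msg, threshold=3):
    """Hypothetical policy: quarantine when at least `threshold` traits match."""
    return len(campaign_traits(msg)) >= threshold

def build(sender, subject, body, attachment=None):
    """Construct a raw message and parse it back, as a gateway would see it."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"\xff\xd8\xff\xe0", maintype="image",
                         subtype="jpeg", filename=attachment)
    return message_from_string(m.as_string(), policy=policy.default)

# Constructed test messages; the first reuses wording from the sample above.
SPAM = build('"Better Business Bureau" <risk.manager@bbb.org>',
             "Re: your customer's complaint ID 83031311",
             "Please open the COMPLAINT REPORT below to obtain the details.\n",
             "betterbb_logo.jpg")
BENIGN = build("Accounts <billing@example.com>", "January invoice",
               "Your invoice is attached.\n", "scan.jpg")

if __name__ == "__main__":
    for name, m in (("SPAM", SPAM), ("BENIGN", BENIGN)):
        print(name, sorted(campaign_traits(m)), is_suspect(m))
```

Requiring several traits together keeps a message that merely carries a bbb.org sender address from being flagged on that alone.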