Another day, another spam campaign leading to the Blackhole Exploit Kit.
Date: Wed, 7 Dec 2011 08:33:03 +0000
From: "::Better Business Bureau::" [risk.manager@bbb.org]
Subject: Complaint from your customers
Attachments: bbb_logo.jpg
Attn: Owner/Manager
The Better Business Bureau has been sent the above mentioned complaint from one of your customers on the subject of their dealings with you.
The detailed information about the consumer's concern is explained in enclosed document.
Please review this matter and notify us of your position.
Please click here to reply this complaint.
We look forward to your prompt reply.
Yours faithfully,
Shawna Dennis
Better Business Bureau
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
A link in the email goes to a legitimate but hacked site, from which users are forwarded to billycharge.com on 79.137.237.63. This IP belongs to Digital Networks CJSC in Russia (aka DINETHOSTING), a wholly black hat operation - you should block access to 79.137.224.0/20 if you haven't already done so. The Wepawet report is here, and VT shows 0/43 detections for the exploit page, although the downloaded malware should tickle at least some scanners.
Some other subjects and senders being used in this spam:
Subjects:
- BBB assistance Re: Case # [random number]
- BBB Complaint activity report
- BBB processing
- BBB service Re: Case # [random number]
- Better Business Bureau Case # [random number]
- Complaint from your customers
- Please review your customer's complaint
- Re: BBB Case # [random number]
- Re: Case # [random number]
- Your customer's complaint
- Your customer's concern
Senders:
- admin@bbb.org
- alert@bbb.org
- alerts@bbb.org
- info@bbb.org
- manager@bbb.org
- risk.manager@bbb.org
- risk@bbb.org
- service@bbb.org
- support@bbb.org
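As an added example (not part of the original post), the indicators above can be turned into a small triage check for a mail archive and for proxy or firewall logs. It assumes "[random number]" is a run of digits; the function names and the sample message are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators copied from the post above.
BLOCKED_NET = ipaddress.ip_network("79.137.224.0/20")
SENDER_LOCALPARTS = {"admin", "alert", "alerts", "info", "manager",
                     "risk.manager", "risk", "service", "support"}
# Assumption: "[random number]" in the subject list is a run of digits.
SUBJECT_RE = re.compile(
    r"^(?:BBB (?:assistance|service) Re: Case # \d+"
    r"|BBB Complaint activity report"
    r"|BBB processing"
    r"|Better Business Bureau Case # \d+"
    r"|Complaint from your customers"
    r"|Please review your customer's complaint"
    r"|Re: (?:BBB )?Case # \d+"
    r"|Your customer's (?:complaint|concern))$",
    re.IGNORECASE)


def in_blocked_range(ip):
    """True if ip parses and falls inside the /20 the post says to block."""
    try:
        return ipaddress.ip_address(ip) in BLOCKED_NET
    except ValueError:
        return False  # malformed log field, not an address


def match_campaign(raw_message):
    """Return which indicator types ('sender', 'subject') a message matches."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    hits = []
    if domain == "bbb.org" and local in SENDER_LOCALPARTS:
        hits.append("sender")
    subject = " ".join(msg.get("Subject", "").split())  # collapse folded whitespace
    if SUBJECT_RE.match(subject):
        hits.append("subject")
    return hits


# Constructed sample message, modelled on the headers quoted in the post.
SAMPLE = ('From: "Better Business Bureau" <risk.manager@bbb.org>\n'
          "Subject: Re: BBB Case # 48213\n\nAttn: Owner/Manager\n")

if __name__ == "__main__":
    print(match_campaign(SAMPLE), in_blocked_range("79.137.237.63"))
```

A sender hit on its own also matches any genuine mail from those bbb.org addresses, so a subject match or a connection into the blocked range is the stronger signal.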