New Wave of BBB Scam Spreads Downloader of ZBot
It’s the time of the year again when malware criminals launch a new episode of the Better Business Bureau spam campaign. This time, the e-mails infect people with a Trojan that steals sensitive information from recipients.
For those lucky enough not to have received this kind of spam: the BBB attack consists of a message, supposedly from the Better Business Bureau, telling recipients that a business customer has filed a formal complaint against them.
The bogus e-mail invites the recipient to reply and mend the situation, but not before they open the attached document that, depending on the campaign, hides a downloader, a password stealer, and a BlackHole component. The subject lines of these messages generally read “complaint report,” “complaint ID,” or “case” and a set of random digits.
The bogus e-mails used in the January campaign carry a zip attachment, named “case” and arbitrary characters, that hides a password stealer and a downloader of ZBot – identified by Bitdefender as Trojan.Generic.KD.835502. To make it more believable, attackers deliver the exe file with the Adobe Reader icon, so if file extensions are hidden by the operating system, chances are you’ll mistake it for a PDF document.
ZBot is a banker Trojan that steals e-banking information and logs keystrokes, but it also has some limited backdoor and proxy features that allow its masters to take control of the machine.
Crooks seem to find the BBB scam highly rewarding, as they have refreshed it several times a year since it was first spotted in 2010. In November 2012, the Bitdefender anti-spam lab signaled another huge wave of BBB scam spreading Trojan.Generic.8271699, a downloader awfully similar to the infamous BlackHole exploit pack.
Tips and tricks you might find useful in this situation
Organizations such as the Better Business Bureau NEVER send complaints via e-mail with attachments and links, precisely to avoid fraud.
EXE files are a big no-no in e-mail messages. In fact, they are so dangerous that no company will e-mail you this kind of attachment. If your e-mail messages carry an exe file, just get rid of it.
When you receive a message that you think is suspicious, verify its legitimacy by contacting BBB locally or by forwarding it to the official Better Business Bureau’s firstname.lastname@example.org.
Choose a reliable antivirus solution with top of the class anti-spam and anti-phishing modules and keep it updated at all times.
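For mail administrators, the disguise described above (an exe with a PDF icon inside a zip attachment) can be caught by looking inside the archive instead of trusting file names. The following is an added example, not Bitdefender's code; the extension lists, function names and sample file names are assumptions made for illustration, and the sample archive is constructed from harmless bytes.

```python
import io
import zipfile

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document extensions commonly placed before the real one as a decoy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".txt", ".jpg"}


def inspect_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member that looks like a disguised executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.lower().rstrip(". ")
            parts = name.rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            inner = "." + parts[-2] if len(parts) > 2 else ""
            with archive.open(info) as member:
                header = member.read(2)
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension")
            if ext in EXECUTABLE_EXTS and inner in DECOY_EXTS:
                reasons.append("double extension")
            # Windows PE files start with "MZ" whatever the file is called.
            if header == b"MZ":
                reasons.append("PE header")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: harmless bytes that only mimic the file layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("case_0000.pdf.exe", b"MZ" + b"\x00" * 62)  # disguised
        archive.writestr("readme.txt", b"plain text")               # benign
        archive.writestr("report.pdf", b"MZ" + b"\x00" * 62)        # renamed PE
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding["member"], "->", ", ".join(finding["reasons"]))
```

Password-protected archives cannot be read this way and are best quarantined for manual review.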