BBB Malware Spam

Perhaps you have heard a bit about the malware spam that started late last week purporting to be an email from the Better Business Bureau? The scammer who crafted the message went to great lengths to ensure that the message looked as legitimate as possible. The subject line of the email typically started with "BBB Complaint for " with a case number, and the message body also referenced the targetted company by name. The from address varied, but was always from the bbb.org domain.

This attack is a perfect example of something that I (and many others) have been talking about for a while in that malware/spam attacks will continue to become more targetted in nature and distributed on a much smaller scale in an attempt to fly under the radar of most service providers.

Message volume in this attack was pretty low, but it was the method of targetting its victims that made this particular malware attack interesting. The message was sent primarily to executive level company managers. When infected a keylogger was installed which would defeat SSL capabilities of web sites because the keystrokes were captured directly from the users keyboard, not from the for elements in the SSL encrypted session.

One of the data repositories for this attack has been found (there is a great writeup over at the SecureWorks website), and according to them as of a couple of days ago more than 1,400 people have been confirmed as victims. That number has likely increased as targets who took time off for a long holiday weekend come back to their inboxes and find the scam waiting for them.

It'll be interesting to see whether or not we see some morphs of this attack over the coming days using other government agencies as social engineering vehicles in an attempt to get more users infected.