<<<
Monday, May 5, 2008
>>>
 
BBB Case #947344536 Posted by Mikko @ 16:05 GMT

We're seeing some new BBB trojan attacks going around.

This attack method is well-known and has been occurring for months: A high-level executive inside an organization receives an e-mail that mentions a complaint supposedly made to the Better Business Bureau (USA). The e-mail appears to be credible and links to a site in order to download the complaint. The download claims to require IE and ActiveX in order to succeed. Once ActiveX is enabled, the sites drops a backdoor on the system.

The message looks like this:

BBB

This would be fairly convincing to most recipients, especially since the real company and individual names are used.

The message links to a page under us-bbb.com (the real BBB site is at us.bbb.org).

BBB

The site was running over the weekend, was down today on Monday and then just reappeared — with a modified version of the malware.

If the recipient enables ActiveX, the site sends the system a CAB file which gets automatically installed as Acrobat.exe — and displays this:

BBB

In reality, it's just installed a backdoor (which we detect as an Agent variant).

Nasty stuff. Watch out.






<<< Try our Latest Technology
|
SQL Injection Continues >>>