Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Websense: Security Alert

October 2008 by Websense

Websense Security Labs ThreatSeeker Network has discovered another round of malicious BBB spam today. The spam contains a spoofed From address to look as if the message was sent by the Better Business Bureau. The message uses social engineering tactics to entice readers to follow a link in the message in order to "register new software and update contact information".

We have seen tens of thousands of these messages coming in since noon today. Also of note is that, from the format of these messages and the resulting links, this looks like it was done by the same group that has been spamming out malicious phishes targeting customers of Bank of America, Wachovia, Royal Bank, and others.

Clicking on the link takes the victim to a page which looks like the BBB site. The site stresses that a digital certificate should be used while browsing the BBB site. It then provides a prompt to download a file called "TrustedBBBCertificate.exe" which is actually! a Trojan Downloader (SHA-1 dcefc1fb912d7bb536de3e66d9c5c6c8465f0790).

When this file is executed, it takes the victim to another Web page, which is hosted on another malicious domain, for the "Certificate Registration". This secondary site also tries to get the victim to download "TrustedBBBCertificate.exe".


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts