Fake Better Business Bureau Complaint Email

May 19th, 2012 by Kevin Zoll


!!! MALWARE ALERT !!!
Emails with the subject "BBB assistance Re: Case # 54758388" contain a malicious attachment. Recipients are advised to DELETE the email immediately upon receipt. Do NOT click on any links contained in the email. Do NOT download the attachment, open it or run the executable file contained in the attachment. If you are a victim of such a scam, contact the Internet Crime Complaint Center.

This is a scam – the Better Business Bureau does not send complaints as attachments via email.

The email appears to come from a fake Better Business Bureau employee claiming that the recipient needs to review this matter and advise the Better Business Bureau of their position. This email is fraudulent and does not originate from the Better Business Bureau. The email attachment is malicious and you are strongly advised not to open it.

Should you receive such an email, please disregard its message, report any information received to the Better Business Bureau’s Scam Portal, and then delete it. If you have downloaded the attachment and run the executable file, run a virus scan immediately.

Technical Details:

Email Header Information
Return-Path: <ameliaajr16@eurobiobiz.com>
Delivery-Date: Fri, 18 May 2012 22:05:51 -0400
Received-SPF: pass (mxus3: domain of eurobiobiz.com designates 113.220.129.145 as permitted sender) client-ip=113.220.129.145; envelope-from=ameliaajr16@eurobiobiz.com; helo=[113.220.129.145];
Received: from [113.220.129.145] ([113.220.129.145])
by mx.perfora.net (node=mxus3) with ESMTP (Nemesis)
id 0MSN0N-1SgAog1iJf-00TgL5 for spd@malwareteks.com; Fri, 18 May 2012 22:05:51 -0400
Received: from [209.135.16.52] (account beautify04@anbid.com.br HELO cjgpntrcmacxmq.pccnyhpa.ru)
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 683923474 for spd@malwareteks.com; Sat, 19 May 2012 09:51:28 +0800
Date:  Sat, 19 May 2012 09:51:28 +0800
From:  "Better Business Bureau" <info@bbb.org>
X-Mailer: The Bat! (v2.00.18) Business
X-Priority: 3 (Normal)
Message-ID: <6342072830.A7MMH2LF793378@yioawrtrkn.efqjsmuivrbkw.ua>
To: <REDACTED>
Subject: BBB assistance Re: Case # 54758388
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=”———-2355B0B33809B4″
X-UI-Loop: V01:2WIZ9csPR2c=:KbEFb2Gd6Zv+sEwd0RzNpclwJwlj1+BXYtFGXHAyBz8=
X-UI-Junk: AutoMaybeJunk +0 ();
V01:gGs4UThv:oKC1iUFVx7qqkU7vaWNd3GCC51ue2RLhb8FslSggE/7EjzCZU83
gUyMyltaeFv2Gu6NSKrpqronaIkdl+ncWhqVFANKZ76ssylHCYWTXuyPPd7n+1zu
s94IoBMIFzTRsw6sde//EfNCoV0aPSerjWtG7iUleojnj268AbOmsh9tO3Gr5WGB
jG5Rbd9zzFYOl
Envelope-To: <REDACTED>
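
The header above carries an SPF "pass", but that result is for the envelope sender's domain (eurobiobiz.com), not for the bbb.org address shown in From:. The following is an added example, not part of the original alert: a small Python check that compares those domains using header fields copied from the message above. The helper names and the two-label "organizational domain" shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header fields copied from the message above (typographic quotes normalised).
SAMPLE = """\
Return-Path: <ameliaajr16@eurobiobiz.com>
Received-SPF: pass (mxus3: domain of eurobiobiz.com designates 113.220.129.145 as permitted sender) client-ip=113.220.129.145; envelope-from=ameliaajr16@eurobiobiz.com; helo=[113.220.129.145];
From: "Better Business Bureau" <info@bbb.org>
Message-ID: <6342072830.A7MMH2LF793378@yioawrtrkn.efqjsmuivrbkw.ua>
Subject: BBB assistance Re: Case # 54758388

"""

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].strip("<> ").lower() if "@" in addr else ""

def org_domain(domain):
    """Naive organizational domain: the last two labels (assumption; a
    production check should consult the Public Suffix List)."""
    return ".".join(domain.split(".")[-2:])

def alignment_findings(raw):
    """Return a list of mismatches between the visible From: domain and
    the domains that were actually involved in sending the message."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    env_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    spf = msg.get("Received-SPF", "")
    spf_result = spf.split(None, 1)[0].lower() if spf.strip() else "none"
    m = re.search(r"envelope-from=([^;\s]+)", spf)
    spf_dom = domain_of(m.group(1)) if m else env_dom
    mid_dom = domain_of(msg.get("Message-ID", ""))
    findings = []
    if org_domain(from_dom) != org_domain(env_dom):
        findings.append(f"From domain {from_dom} != envelope domain {env_dom}")
    if spf_result == "pass" and org_domain(spf_dom) != org_domain(from_dom):
        findings.append(f"SPF pass covers {spf_dom}, not {from_dom}")
    # Weak signal on its own: many legitimate senders use third-party relays.
    if org_domain(mid_dom) != org_domain(from_dom):
        findings.append(f"Message-ID domain {mid_dom} unrelated to {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in alignment_findings(SAMPLE):
        print(finding)
```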

Email Body
Dear Sirs,
The Better Business Bureau has received the above mentioned complaint from one of your associates in respect of their dealings with you.
The detailed information about the consumer’s concern is explained in enclosed document.
Please examine this matter and advise us of your standpoint.
We kindly ask you to open the ATTACHED REPORT to reply this complaint.
We look forward to your urgent reply.
Faithfully yours,

Paula Tap

Dispute Counselor
Better Business Bureau

Email Attachment: BBB abuse.zip
SIZE: 40.0 KB (40985 bytes)
MD5: BCBACFD214EA6B951419C488548646EA
VirusTotal Results

 

Antivirus | Result | Updated
AhnLab-V3 | Win-Trojan/Kuluoz.55296 | 20120519
AntiVir | - | 20120518
Antiy-AVL | - | 20120519
Avast | Win32:Dropper-gen [Drp] | 20120519
AVG | - | 20120519
BitDefender | Trojan.Generic.KDV.627249 | 20120519
ByteHero | - | 20120518
CAT-QuickHeal | - | 20120518
ClamAV | - | 20120519
Commtouch | W32/Trojan2.NRGZ | 20120519
Comodo | Heur.Suspicious | 20120519
DrWeb | BackDoor.Andromeda.22 | 20120519
Emsisoft | Trojan.Win32.Jorik!IK | 20120519
eSafe | - | 20120516
eTrust-Vet | - | 20120517
F-Prot | W32/Trojan2.NRGZ | 20120519
F-Secure | Trojan.Generic.KDV.627249 | 20120519
Fortinet | W32/Jorik_Androm.JO!tr | 20120519
GData | Trojan.Generic.KDV.627249 | 20120519
Ikarus | Trojan.Win32.Jorik | 20120519
Jiangmin | - | 20120519
K7AntiVirus | - | 20120518
Kaspersky | Trojan.Win32.Jorik.Androm.jo | 20120519
McAfee | - | 20120519
McAfee-GW-Edition | - | 20120519
Microsoft | Worm:Win32/Gamarue.I | 20120519
NOD32 | Win32/TrojanDownloader.Wauchos.A | 20120519
Norman | - | 20120519
nProtect | - | 20120519
Panda | - | 20120519
PCTools | - | 20120519
Rising | - | 20120518
Sophos | Mal/EncPk-ZC | 20120519
SUPERAntiSpyware | - | 20120519
Symantec | - | 20120519
TheHacker | - | 20120519
TrendMicro | - | 20120519
TrendMicro-HouseCall | - | 20120519
VBA32 | - | 20120518
VIPRE | Trojan.Win32.Generic!BT | 20120519
ViRobot | - | 20120519
VirusBuster | - | 20120519

MIMEType: application/zip
ZipRequiredVersion: 20
ZipCRC: 0xbdd9215c
FileType: ZIP
ZipCompression: Deflated
ZipUncompressedSize: 55296 bytes
ZipCompressedSize: 40825 bytes
ZipFileName: BBB abuse.exe
ZipBitFlag: 0
ZipModifyDate: 2012:05:18 23:11:23


