Fake Better Business Bureau Complaint Email

May 19th, 2012 by Kevin Zoll

!!! MALWARE ALERT !!!
Emails with the subject "BBB assistance Re: Case # 54758388" contain a malicious attachment. Recipients are advised to DELETE the email immediately upon receipt. Do NOT click on any links contained in the email. Do NOT download the attachment, open it or run the executable file contained in the attachment. If you are a victim of such a scam, contact the Internet Crime Complaint Center.

This is a scam – the Better Business Bureau does not send complaints as attachments via email.

The email appears to come from a fake Better Business Bureau employee, who claims that the recipient needs to review the matter and advise the Better Business Bureau of their position. This email is fraudulent and does not originate from the Better Business Bureau. The email attachment is malicious, and you are strongly advised not to open it.

Should you receive such an email, disregard its message, report any information received to the Better Business Bureau's Scam Portal, and then delete it. If you have downloaded the attachment and run the executable file, run a virus scan immediately.

Technical Details:

Email Header Information
Return-Path: <ameliaajr16@eurobiobiz.com>
Delivery-Date: Fri, 18 May 2012 22:05:51 -0400
Received-SPF: pass (mxus3: domain of eurobiobiz.com designates 113.220.129.145 as permitted sender) client-ip=113.220.129.145; envelope-from=ameliaajr16@eurobiobiz.com; helo=[113.220.129.145];
Received: from [113.220.129.145] ([113.220.129.145])
by mx.perfora.net (node=mxus3) with ESMTP (Nemesis)
id 0MSN0N-1SgAog1iJf-00TgL5 for spd@malwareteks.com; Fri, 18 May 2012 22:05:51 -0400
Received: from [209.135.16.52] (account beautify04@anbid.com.br HELO cjgpntrcmacxmq.pccnyhpa.ru)
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 683923474 for spd@malwareteks.com; Sat, 19 May 2012 09:51:28 +0800
Date:  Sat, 19 May 2012 09:51:28 +0800
From:  "Better Business Bureau" <info@bbb.org>
X-Mailer: The Bat! (v2.00.18) Business
X-Priority: 3 (Normal)
Message-ID: <6342072830.A7MMH2LF793378@yioawrtrkn.efqjsmuivrbkw.ua>
To: <REDACTED>
Subject: BBB assistance Re: Case # 54758388
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------2355B0B33809B4"
X-UI-Loop: V01:2WIZ9csPR2c=:KbEFb2Gd6Zv+sEwd0RzNpclwJwlj1+BXYtFGXHAyBz8=
X-UI-Junk: AutoMaybeJunk +0 ();
V01:gGs4UThv:oKC1iUFVx7qqkU7vaWNd3GCC51ue2RLhb8FslSggE/7EjzCZU83
gUyMyltaeFv2Gu6NSKrpqronaIkdl+ncWhqVFANKZ76ssylHCYWTXuyPPd7n+1zu
s94IoBMIFzTRsw6sde//EfNCoV0aPSerjWtG7iUleojnj268AbOmsh9tO3Gr5WGB
jG5Rbd9zzFYOl
Envelope-To: <REDACTED>

Email Body
Dear Sirs,
The Better Business Bureau has received the above mentioned complaint from one of your associates in respect of their dealings with you.
The detailed information about the consumer’s concern is explained in enclosed document.
Please examine this matter and advise us of your standpoint.
We kindly ask you to open the ATTACHED REPORT to reply this complaint.
We look forward to your urgent reply.
Faithfully yours,

Paula Tap

Dispute Counselor
Better Business Bureau

Email Attachment: BBB abuse.zip
SIZE: 40.0 KB (40985 bytes)
MD5: BCBACFD214EA6B951419C488548646EA
VirusTotal Results

 

Antivirus             Result                            Updated
AhnLab-V3             Win-Trojan/Kuluoz.55296           20120519
AntiVir               -                                 20120518
Antiy-AVL             -                                 20120519
Avast                 Win32:Dropper-gen [Drp]           20120519
AVG                   -                                 20120519
BitDefender           Trojan.Generic.KDV.627249         20120519
ByteHero              -                                 20120518
CAT-QuickHeal         -                                 20120518
ClamAV                -                                 20120519
Commtouch             W32/Trojan2.NRGZ                  20120519
Comodo                Heur.Suspicious                   20120519
DrWeb                 BackDoor.Andromeda.22             20120519
Emsisoft              Trojan.Win32.Jorik!IK             20120519
eSafe                 -                                 20120516
eTrust-Vet            -                                 20120517
F-Prot                W32/Trojan2.NRGZ                  20120519
F-Secure              Trojan.Generic.KDV.627249         20120519
Fortinet              W32/Jorik_Androm.JO!tr            20120519
GData                 Trojan.Generic.KDV.627249         20120519
Ikarus                Trojan.Win32.Jorik                20120519
Jiangmin              -                                 20120519
K7AntiVirus           -                                 20120518
Kaspersky             Trojan.Win32.Jorik.Androm.jo      20120519
McAfee                -                                 20120519
McAfee-GW-Edition     -                                 20120519
Microsoft             Worm:Win32/Gamarue.I              20120519
NOD32                 Win32/TrojanDownloader.Wauchos.A  20120519
Norman                -                                 20120519
nProtect              -                                 20120519
Panda                 -                                 20120519
PCTools               -                                 20120519
Rising                -                                 20120518
Sophos                Mal/EncPk-ZC                      20120519
SUPERAntiSpyware      -                                 20120519
Symantec              -                                 20120519
TheHacker             -                                 20120519
TrendMicro            -                                 20120519
TrendMicro-HouseCall  -                                 20120519
VBA32                 -                                 20120518
VIPRE                 Trojan.Win32.Generic!BT           20120519
ViRobot               -                                 20120519
VirusBuster           -                                 20120519

MIMEType.................: application/zip
ZipRequiredVersion.......: 20
ZipCRC...................: 0xbdd9215c
FileType.................: ZIP
ZipCompression...........: Deflated
ZipUncompressedSize......: 55296 bytes
ZipCompressedSize........: 40825 bytes
ZipFileName..............: BBB abuse.exe
ZipBitFlag...............: 0
ZipModifyDate............: 2012:05:18 23:11:23
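
The two traits visible in the technical details above can be checked automatically: the visible From domain (bbb.org) differs from the envelope sender domain that SPF actually validated (eurobiobiz.com), and the zip attachment holds an .exe. The Python below is an added example, not part of the original post; the names `triage`, `build_sample` and `RISKY_EXT` are hypothetical, and the sample message is constructed from the header values shown above with placeholder bytes in place of the real attachment.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # hypothetical list; extend to local policy

def domain(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    frm, env = domain(msg["From"]), domain(msg["Return-Path"])
    # An SPF pass only vouches for the envelope sender, not the visible From header.
    if frm and env and frm != env:
        findings.append(f"From domain {frm} != envelope domain {env}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")).namelist()
        except zipfile.BadZipFile:
            findings.append(f"{name}: unreadable zip")
            continue
        findings += [f"{name} contains executable {m}" for m in members if m.lower().endswith(RISKY_EXT)]
    return findings

def build_sample():
    """Constructed message using header values from this page; the zip holds placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("BBB abuse.exe", b"placeholder, not a real executable")
    m = EmailMessage()
    m["Return-Path"] = "<ameliaajr16@eurobiobiz.com>"
    m["From"] = '"Better Business Bureau" <info@bbb.org>'
    m["Subject"] = "BBB assistance Re: Case # 54758388"
    m.set_content("We kindly ask you to open the ATTACHED REPORT")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="BBB abuse.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A From/envelope domain mismatch also occurs in legitimate bulk and mailing-list mail, so treat it as one signal to combine with the attachment check rather than a verdict on its own.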
