Businesses throughout North America need to be on the lookout for an emailed phishing attempt that purports to come from the Better Business Bureau but is really a mechanism for the spread of malware known as Troj/Agent-ZGD, a Trojan horse that executes remote code.
The fairly convincing text of the message generically addresses the owner/manager of the targeted business and references a complaint from a fictional customer that is detailed in an attachment that the recipient is invited to open.
"One thing that makes this a little bit suspicious is that it went out on Dec. 10, and it asks for a response by Dec. 11," observed Richard Wang, manager of SophosLabs US. "I suspect that if you really got an inquiry from the BBB, they would give you more than 24 hours to respond."
[Related: The 10 Biggest Security Stories Of 2012]
The email goes on to offer the bureau's assistance in the settlement of the dispute, and continues on to explain that the bureau maintains customer satisfaction reports on companies throughout the United States and Canada, and how such complaints become attached to the company's permanent file.
"This information is available to the public and is frequently used by potential customers," the notice reads. "Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company."
Unlike many phishing attempts, the notice is couched in proper English and accurately uses general business terminology, which lends credence to its false authenticity. It continues by saying, "Your prompt response will allow the BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter."
Wang agrees that, aside from the dates, the email looks pretty convincing.
"If you're a business owner receiving this, you'd be hard-pressed to dispose of it without looking into it," he said. "A lot of times, we might receive notices from other organizations, but we know we did not buy airline tickets and we are not expecting a package. But with this kind of thing, we might not necessarily know if someone has filed a complaint."
Wang recommends that anyone who receives this notice contact the local office of their Better Business Bureau and not open the attachment.
PUBLISHED DEC. 11, 2012
