• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
AplusWebMaster

Better Business Bureau targeted malware spam

2 posts in this topic

FYI...

 

- http://isc.sans.org/diary.html?storyid=2853

Last Updated: 2007-05-25 22:54:35 UTC ~ "We are receiving more reports about targeted attacks claiming to be from the Better Business Bureau. The spam always comes with an RTF attachment. Does this ring a bell? If you’re a frequent reader of ISC you might remember that I already posted an analysis of such an attack back in March – you can find it here: http://isc.sans.org/diary.html?storyid=2528 . BBB also posted an alert about this quite a while ago ( http://www.bbb.org/alerts/article.asp?ID=747 ).

Basically the attackers use an application called Object Packager to embed an executable in a RTF document. The executable is typically a downloader which, when executed, downloads a second stage malware. The attackers keep changing both the downloader and second stage malware, together with sites they are using. It is worth pointing again that this attack does not exploit any Office vulnerability; instead it relies on social engineering (see the screenshots in the old diary).

While the attack itself is not very interesting, what is interesting is that the spam e-mails carrying this seem to be targeted. In fact, almost all reports we’ve received lately (and Sunbelt blogged about the same thing at http://sunbeltblog.blogspot.com/2007/05/se...ous-better.html ) claimed that only a couple of users in attacked organizations received this and that they were almost always CEOs or CFOs..."

 

:eek:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

- http://isc.sans.org/diary.html?storyid=2853

Last Updated: 2007-05-27 20:23:35 UTC

"...Update:

Joe Stewart has put together a nice write-up on the BBB phishing schemes. His blog entry is available at http://www.secureworks.com/research/threats/bbbphish ."

 

 

.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0