Better Business Bureau targeted malware spam



#1 AplusWebMaster


Posted 26 May 2007 - 05:52 AM

FYI...

- http://isc.sans.org/...ml?storyid=2853
Last Updated: 2007-05-25 22:54:35 UTC ~ "We are receiving more reports about targeted attacks claiming to be from the Better Business Bureau. The spam always comes with an RTF attachment. Does this ring a bell? If you’re a frequent reader of ISC you might remember that I already posted an analysis of such an attack back in March – you can find it here: http://isc.sans.org/...ml?storyid=2528 . BBB also posted an alert about this quite a while ago ( http://www.bbb.org/a...icle.asp?ID=747 ).
Basically the attackers use an application called Object Packager to embed an executable in an RTF document. The executable is typically a downloader which, when executed, downloads a second stage malware. The attackers keep changing both the downloader and second stage malware, together with sites they are using. It is worth pointing out again that this attack does not exploit any Office vulnerability; instead it relies on social engineering (see the screenshots in the old diary).
While the attack itself is not very interesting, what is interesting is that the spam e-mails carrying this seem to be targeted. In fact, almost all reports we’ve received lately (and Sunbelt blogged about the same thing at http://sunbeltblog.b...ous-better.html ) claimed that only a couple of users in attacked organizations received this and that they were almost always CEOs or CFOs..."

:eek:

Edited by apluswebmaster, 26 May 2007 - 06:05 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
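
A defensive check for the technique described in the quoted diary, added here as an example and not part of the original posts or the ISC diary: it scans an RTF attachment for embedded Object Packager objects and reports each packaged file's label. The function names, the extension list and the assumed Packager stream layout (2-byte header followed by a NUL-terminated label) are this example's own, and the sample input is constructed.

```python
import re
import struct

# Extensions treated as executable in this example (constructed list; extend as needed).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def _lpstr(buf, pos):
    """Read an OLE 1.0 length-prefixed ANSI string; return (text, next offset)."""
    (n,) = struct.unpack_from("<I", buf, pos)
    return buf[pos + 4:pos + 4 + n].rstrip(b"\x00").decode("latin-1"), pos + 4 + n

def _cstr(buf, pos):
    """Read a NUL-terminated string; return (text, next offset)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end].decode("latin-1"), end + 1

def find_packaged_files(rtf_bytes):
    """Return [(label, looks_executable)] for each Packager object embedded in an RTF."""
    findings = []
    # \objdata carries the OLE 1.0 object as hex digits, possibly split by whitespace.
    for m in re.finditer(rb"\\objdata([0-9a-fA-F\s]+)", rtf_bytes):
        digits = re.sub(rb"\s+", b"", m.group(1))
        blob = bytes.fromhex(digits[:len(digits) & ~1].decode("ascii"))
        try:
            class_name, pos = _lpstr(blob, 8)   # skip OLEVersion + FormatID
            _, pos = _lpstr(blob, pos)          # TopicName
            _, pos = _lpstr(blob, pos)          # ItemName
            if class_name.lower() != "package":
                continue
            # Assumed layout: NativeDataSize (4 bytes), Packager header (2 bytes), label.
            label, _ = _cstr(blob, pos + 6)
        except (struct.error, ValueError):
            continue                            # truncated or malformed object
        findings.append((label, label.lower().endswith(EXECUTABLE_EXTS)))
    return findings

def build_sample_rtf(label):
    """Constructed sample: minimal RTF with a Packager object header and no file data."""
    def lp(s):
        return struct.pack("<I", len(s) + 1) + s + b"\x00" if s else struct.pack("<I", 0)
    native = b"\x02\x00" + label + b"\x00"
    ole1 = struct.pack("<II", 0x501, 2) + lp(b"Package") + lp(b"") + lp(b"")
    ole1 += struct.pack("<I", len(native)) + native
    return b"{\\rtf1{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata " \
        + ole1.hex().encode("ascii") + b"}}}"

if __name__ == "__main__":
    print(find_packaged_files(build_sample_rtf(b"complaint.doc.exe")))
```

A mail gateway or triage script can quarantine any RTF for which this returns an entry flagged as executable, since the attack relies on the recipient opening the packaged file rather than on an Office vulnerability.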


#2 AplusWebMaster


Posted 28 May 2007 - 07:39 AM

FYI...

- http://isc.sans.org/...ml?storyid=2853
Last Updated: 2007-05-27 20:23:35 UTC
"...Update:
Joe Stewart has put together a nice write-up on the BBB phishing schemes. His blog entry is available at http://www.securewor...hreats/bbbphish ."






