Annys Shinn (Washington Post) is reporting:
The Better Business Bureau network was the target of a "spoofing" scam yesterday in which thousands of businesses in the United States and Canada received e-mails encouraging them to download what is thought to be a computer virus.Washington Post article, here.
The e-mails, using the name of the 95-year-old network of nonprofit groups that looks into consumer complaints, told businesses that they were the subject of a complaint and included a link to view related documents. Clicking on the link, however, accessed the address book of an infected computer and distributed the counterfeit e-mail to more recipients, said Steve Cox, spokesman for the Council of Better Business Bureaus.
Wandering to the BBB site to see what they had to say, I found a little more information. Apparently, if you click on the link, it downloads an executable file, believed to contain a virus.
The BBB and others are calling this a phishing attempt, but in phishing the intent is normally to get the user to provide personal, and or financial information to the sender. Since this doesn't seem to be the case, and no one is saying exactly what the executable file (virus) is, this doesn't appear to be phishing.
It will be interesting to see exactly what this executable file does, but some computer viruses (crimeware and malware) download keyloggers, which log a person's keystrokes and are used to steal personal and financial information.
Other computer viruses might turn a computer into a zombie, which allows someone else to use it for their own purposes (sending spam or denial of service attacks). Zombie computers are formed into what is known as botnets (groups of zombie computers), which are used for illicit purposes by their "controller."
You can download a lot of nasty things by clicking on something from someone you don't know. And the people behind it like to spoof well known entities, such as the BBB. Organizations from eBay to the FBI have been spoofed in the past.
Example of spoofed e-mail from the BBB site:
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Tuesday, February 13, 2007 6:06 AM To: XXXX
Subject: BBB Case #263621205 - Complaint for XXXX
Dear Mr./Mrs. XXXX
You have received a complaint in regards to your business services. The complaint was filled by Mr. XXXX on 02/05/2007/
Use the link below to view the complaint details:
DOCUMENTS FOR CASE #263621205
Complaint Case Number: 263621205
Complaint Made by Consumer Mr. XXXX Complaint
Registered Against: Company XXXX
Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:
DOCUMENTS FOR CASE #263621205
Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
- Claims based on product liability;
- Claims for personal injuries;
- Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.
The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.
The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.