E-mail attacks dressed up as complaints from the Better Business Bureau have included a personal twist, using company details in an attempt to fool the recipients into running malicious code.
The personalized attacks got spotlighted on Wednesday, when the vice president of security firm Sunbelt Software received an apparent automated complaint notification from the Better Business Bureau. The e-mail included the name of the vice president, the statement that it was a complaint against Sunbelt Software, and cited Monday as the date the complaint was filed. The message stated that details of the actual incident were supposedly described in a rich text format (RTF) attachment.
In other ways, the attack matched a mass-mailed Trojan horse sent out in February from a hacked server of a Georgia firm. Those attacks appeared to contain less personalization, according to advisories issued by the BBB. Sunbelt Software analyzed the malicious code included in the latest version of the attack and found data stealing software.
"We suspect (this is) a worm," Alex Eckelberry, CEO of Sunbelt Software, said in an e-mail interview. "But the personalization was extraordinary."
E-mail security firm MessageLabs has detected a significant number of such attacks and categorizes the scheme as a mass attack, said Alex Shipp, a senior researcher that holds the title "Imagineer" at the company. Security firm Websense also issued an advisory for the scheme on Thursday.
Targeted attacks against companies are on the rise, according to data from MessageLabs. Many of the attacks come from China and typically target a single e-mail address with a message specifically written for the target.
The latest attack uses an executable file -- compressed by a packer -- embedded in an RTF document to bypass many antivirus scanners. Any stolen data is sent to a server in Kuala Lumpur, Malaysia, Sunbelt Software said.
Posted by: Robert Lemos