The INCA Internet response team detected a malicious e-mail disguised as having been sent by the BBB (Better Business Bureau). This is the first such case found in Korea. The Better Business Bureau (BBB), founded in 1912, is a corporation consisting of a number of separately governed and incorporated local BBB organizations in the United States and Canada, affiliated with the Council of Better Business Bureaus (CBBB).
In addition, a "satisfactory" rating from the BBB is something a company can boast about.
2. Spreading cases
The malicious e-mail is disguised as having been sent by the Better Business Bureau <email@example.com>. Its title and contents are also made to look as if they came from the BBB.
The attached "BBB Report.zip" contains "BBB report.exe", which is an executable file.
When "BBB report.exe" is executed, it creates a copy of itself named svchost.exe in the "All Users" folder.
It also adds a registry entry at the following path so that it runs at boot.
svchost.exe then attempts TCP/IP access, but it does not connect to a specific host.
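A defender-side check for the behaviour described above, as an added example that is not part of the original advisory: it flags process or autorun command lines whose image is named svchost.exe but sits outside the Windows system directories. The sample records, the `C:\Windows` location and the All Users path shown are constructed assumptions.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows. The genuine svchost.exe
# only lives in these directories (compared in lower case).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def image_path(command_line: str) -> str:
    """Extract the executable path from a quoted or unquoted command line."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces ("All Users"), so cut at the first ".exe".
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx != -1 else cmd.split(" ")[0]


def is_fake_svchost(command_line: str) -> bool:
    """True when the image is called svchost.exe but is not in a system dir."""
    path = image_path(command_line).lower()
    for var in ("%systemroot%", "%windir%"):
        path = path.replace(var, r"c:\windows")
    # normpath collapses "..", so traversal tricks do not hide the real folder.
    directory, name = ntpath.split(ntpath.normpath(path))
    return name == "svchost.exe" and directory not in LEGIT_DIRS


def scan(records):
    """Return the records whose command line points at a masquerading svchost.exe."""
    return [r for r in records if is_fake_svchost(r["cmd"])]


# Constructed sample records (process starts and autorun entries), not from the advisory.
SAMPLE = [
    {"source": "process", "cmd": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"source": "autorun", "cmd": r'"C:\Documents and Settings\All Users\svchost.exe"'},
    {"source": "process", "cmd": r"C:\Documents and Settings\All Users\svchost.exe"},
    {"source": "autorun", "cmd": r"%SystemRoot%\system32\svchost.exe -k LocalService"},
    {"source": "process", "cmd": r"C:\Windows\System32\..\Temp\SVCHOST.EXE"},
    {"source": "process", "cmd": r"C:\Program Files\App\app.exe --name svchost.exe"},
]

if __name__ == "__main__":
    for rec in scan(SAMPLE):
        print(f"suspicious {rec['source']}: {rec['cmd']}")
```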
Spreading malicious files through social engineering is a traditional technique. To use your PC safely against the threat of such malicious attachments, we recommend that you download the latest security updates and follow the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.