
5/03/2012

[Caution] Malicious e-mail about the BBB (Better Business Bureau)


1. Information


The INCA Internet response team detected a malicious e-mail disguised as sent by the BBB (Better Business Bureau). This is the first such case found in Korea. The Better Business Bureau (BBB), founded in 1912, is a corporation consisting of a number of separately governed and incorporated local BBB organizations in the United States and Canada, affiliated with the Council of Better Business Bureaus (CBBB).
Moreover, a "satisfactory" rating from the BBB is something a company can boast about.



2. Spreading cases

- http://atlanta.bbb.org/article/its-back-fake-bbb-complaint-email-makes-rounds-in-2012-32038

- [Caution] Malicious files disguised as sent by logistics services companies

The malicious e-mail is disguised as sent by Better Business Bureau <info@bbb.org>; its subject and body are likewise crafted to look as if they came from the BBB.


The attached "BBB Report.zip" contains an executable file, "BBB report.exe".


When "BBB report.exe" is executed, it copies itself to the "All Users" folder under the name svchost.exe.


It then adds the following registry value so that the copy runs at every boot:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched   c:\documents and settings\all users\svchost.exe



The dropped svchost.exe attempts TCP/IP network access, but it does not connect to any particular host.
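A defender-side check for this persistence, as an added example that is not part of the original advisory: it parses a constructed `reg export` of the Run key (the value names and paths below are assumed sample data, with the SunJavaUpdateSched entry mirroring the one described above) and flags any svchost.exe loaded from outside the Windows system directory, or any auto-start image that lives in a user-writable location.

```python
import re
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample of `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`.
# .reg files double every backslash and escape embedded quotes as \".
# The SunJavaUpdateSched entry mirrors the persistence described above; the rest is filler.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\\documents and settings\\all users\\svchost.exe"
"VMware User Process"="\"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe\" -n vmusr"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# Directories a legitimate svchost.exe is loaded from; anywhere else is suspect.
SYSTEM_DIRS = ("windows/system32", "windows/syswow64")
# User-writable locations that an auto-start entry rarely has a reason to point at.
WRITABLE_HINTS = ("documents and settings/all users", "programdata", "appdata", "temp")

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def image_path(data: str) -> str:
    """Unescape a .reg string value and return only the executable path (arguments stripped)."""
    data = re.sub(r"\\(.)", r"\1", data)          # \\ -> \ and \" -> "
    if data.startswith('"'):                       # quoted path, possibly followed by args
        return data[1:data.index('"', 1)]
    m = re.match(r"(.*?\.exe)", data, re.IGNORECASE)  # unquoted path may contain spaces
    return m.group(1) if m else data


def check_run_entry(name: str, data: str) -> Optional[str]:
    """Return a finding string for a suspicious Run value, or None if it looks normal."""
    path = PureWindowsPath(image_path(data))
    norm = path.as_posix().lower()
    if path.name.lower() == "svchost.exe" and not any(d in norm for d in SYSTEM_DIRS):
        return f"{name}: svchost.exe outside the system directory ({path})"
    if any(h in norm for h in WRITABLE_HINTS):
        return f"{name}: auto-start image in a user-writable location ({path})"
    return None


def scan_run_key(reg_text: str) -> List[str]:
    """Scan every "name"="data" line of a .reg export and collect findings."""
    findings = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m and (finding := check_run_entry(m["name"], m["data"])):
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan_run_key(SAMPLE_REG_EXPORT):
        print(finding)   # prints the SunJavaUpdateSched finding only
```

On a live host, feed the output of `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKCU equivalent) to `scan_run_key` instead of the constructed sample.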

3. Summary

Spreading malicious files through social engineering is a traditional technique. To keep your PC safe from malicious attachments of this kind, we recommend installing the latest security updates and following the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security vendor, keep its engine updated to the latest version, and keep the real-time detection function "ON".
3. Do not open or download attachments from suspicious e-mails.
4. Be careful with links received through instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) operates a response system against a variety of security threats.
