Complaint from Better Business Bureau really contains malware attack

Graham Cluley
Graham Cluley
@[email protected]

Better Business BureauThe Better Business Bureau (BBB) is well known in North America for championing consumer rights, so if you run a company in the United States or Canada and receive a complaint from the organisation chances are that you will want to take it seriously.

Which is precisely what the cybercriminals behind the latest malware attack being spammed around the world are banking on.

Email messages have been sent to addresses around the world, posing as a communication from the BBB.

Here’s a typical example (click on the image below for a larger version):

Sign up to our free newsletter.
Security news, advice, and tips.


Here is the full text of the message:


The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.

As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.

In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by December 11, 2012. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.

The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.

We encourage you to print this complaint (attached file), answer the questions and respond to us.

We look forward to your prompt attention to this matter.


The Better Business Bureau Complaint Department

You can probably understand that some firms (who don’t employ security-savvy staff like yourself) might be tempted to open the attached file.

Sophos security products detect the attached malware as Troj/Agent-ZGD – a Trojan horse designed to take remote control of your Windows computer, and allow a remote hacker to gain access and steal information or install more malware onto your PC.

If you use a security product from a different vendor, you should check that your systems are properly protected from this attack.

We’ve seen similar malware attacks in the past which pose as messages from the Better Business Bureau. If you receive one either now, or in the future, please exercise caution.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.