Better Business Bureau malware attack spammed out

Graham Cluley
Graham Cluley
@[email protected]

BBB malware attack spammed outHave you received an email claiming to come from the Better Business Bureau (BBB) today? If you did, be careful.

Because the emails don’t really originate from the BBB. Instead, they have been spammed out widely across the internet by cybercriminals hoping that you will be tricked into opening the malicious attachment.

The emails, which have the subject line “Re: Information from BBB”, read as follows:

Here with the better Business Bureau notifies you that we have received a complaint (ID [random number]) from one of your customers with respect to their dealership with you.

Sign up to our free newsletter.
Security news, advice, and tips.

Please open the attached Compliant Report below to obtain more information on this matter and let us know of you point of view as soon as possible.

We are looking forward to your prompt reply.
Better Business Bureau

Better Business Bureau malware attack

If you received an email like that at your business address you might very well be concerned that you have an unhappy customer and open the attachment (which has a filename of Better_Business_Bureau_Complaint-Report-[random number].zip).

Unfortunately, you’ll not be winning an award for good customer service by responding to the complaint – instead you’ll be unwittingly infecting your Windows computer with malware.

Sophos detects the malicious code contained within the attached file as Troj/Bredo-RK.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.