BBB Complaint - Review Carefully

Websense Security Labs is reporting another version of a pesky Trojan that was used earlier this year. This one comes in a Word document, attached to an official looking email from the Better Business Bureau. Be very cautious in your bank and ensure that whomever receives complaints is made aware of this one.

The email shows to be from "Better Business Bureaus [mailto:operations@bbb.org]" or "Better Business Bureaus [mailto:complains-serv@bbb.org]" and tells you that a complaint has been filed against your bank/business. It provides a name in the body of the letter. Examples I have seen show it from Mark Williams or James Macmaster, but this, like the "From" address could easily be changed. It goes on with case numbers and dates so as to appear official. Then it says the Word attachment contains instructions for your response as well as the original complaint. In fact it has a Trojan that will install a keylogger that will upload your data to an internet address in Malaysia.

It may well be time to remind employees NOT to open attachments they are not expecting, to scan them first and to ensure their programs are up to date for virus protection, firewalls, etc.