I have to admit, this is a pretty clever method of installing malicious software on business computers. Instead of just performing traditional social engineering ploys to convince employees to open an email attachment, this group of hackers uses the Better Business Bureau’s authority to their advantage. By sending out an email to the company stating that they received a complaint about their business practices, the business will probably be very quick to see what the complaint was about. Since the complaint is attached as as Word document, the business will want to open it. Before you know it, you have a keylogger installed on your system. It just goes to show you that these hackers and fraudsters are extremely clever in provoking people to opening attachments, so make sure to always be on the lookout.

Hackers are trying to play on business’ fear of legal action from customers to trick them into downloading a harmful program distributed through e-mail.

The e-mails purport to come from the Better Business Bureau Inc., an organization that monitors and arbitrates disputes between consumers and businesses in the U.S. and Canada. The e-mails assert that a customer lodged a complaint against the recipient’s business, according to a warning on the Web site of Websense Inc., a security vendor.

The e-mails contain a Microsoft Word attachment with the text of the supposed complaint and instructions for how to respond. But embedded in that document is a keylogging program that captures data on the victim’s computer and then uploads it to a server in Malaysia.[more]

Tags: Hackers, Malware