Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

January 16, 2013

UPDATE: Better Business Bureau Email Scams

Another round of Better Business Bureau (BBB) email scams is arriving in users' inboxes today, marking the 4th round of similar scams since December 2011. Like the previous versions, this round of emails has been socially engineered to trick users into opening a malicious attachment. The email contains a forged “From:” field (Better Business Bureau [RobinRichard@newyork.bbb.org]) in an attempt to mislead the user into thinking it was sent directly from the BBB. The email itself contains the company's name and the identifiable BBB torch logo, and arrives with a variety of Subject lines, such as:

Case#2647364638

The scam email also contains an attachment. The attachment is a malicious executable file (disguised as a BBB complaint) with the name “Case#2647364638.zip”. Upon extracting this file, the user will see what appears to be a harmless PDF file but is really an .exe file. A double extension is used to trick the Preview Pane into thinking it is a PDF.
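As an added illustration (not Thirtyseven4's code), the sketch below shows one way a mail gateway or analyst could inspect a ZIP attachment for the double-extension disguise described above, and for members whose content begins with the Windows executable “MZ” header under a non-executable name. The extension lists, function names and the sample archive's member names are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for illustration; tune them to local mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def inspect_zip_attachment(data: bytes) -> list:
    """Return a finding for each archive member that warrants review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # "x.pdf.exe" -> [".pdf", ".exe"]; strip padding spaces used to hide the tail.
            suffixes = [s.strip().lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            reasons = []
            if last in EXECUTABLE_EXTS:
                decoy = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS
                reasons.append("double extension" if decoy else "executable extension")
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, content not inspected")
            else:
                with archive.open(info) as member:
                    is_pe = member.read(2) == b"MZ"  # DOS/PE header magic
                if is_pe and last not in EXECUTABLE_EXTS:
                    reasons.append("PE header under non-executable name")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: inert placeholder bytes, member names invented here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Case#2647364638.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("notes.txt", b"plain text")
        archive.writestr("report.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```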

Here is an example email:

[Image: Thirtyseven4 Antivirus Stops BBB Email Scams]
 
If the attachment is executed, the unknowing user's machine gets infected with a Trojan identified by Thirtyseven4 Antivirus as “TrojanPSW.Tepfer.eku”.

Upon analysis of the Trojan, we have observed that the file attempts to visit various links to download further malicious files. At the present time, the Trojan isn’t performing such activities; it is probably sitting dormant, awaiting further instructions.

Past versions of TrojanPSW.Tepfer have downloaded files that were polymorphic in nature (meaning every time you visit the same link you will get a different file).

In addition to updating the Thirtyseven4 Antivirus virus scanner for these threats and similar future threats, the Thirtyseven4 Browser Protection module will be updated immediately to block any malicious websites this Trojan may start attempting to reach.
