«
»

BBB Phishing

By cuinfosec

According to Secureworks and others, SANS and SunBelt, there are two different phishing scams making their way around email.

While both of them are extremely dangerous in their own respects, one of them I find very interesting. It is a highly targeted attack against executive level managers at companies. It uses an email with which claims to link you to documents pertaining to your case. Here are some of the highlights from Secureworks.

Highlights

  • Highly-targeted attack – aimed at specific executive-level company managers
  • Steals all interactive data sent from victim’s IE browser to remote websites
  • Uses browser helper object to access form data before it is SSL-encrypted
  • One stolen data repository located. As of Friday, May 25, there are 1, 400 victims and 145 megabytes of data in the repository. Approximately 70 megabytes of data is being collected daily.

The other email contains an attachment (RTF Document) when executed installs several pieces of malware onto the computer opening to attachment. The problem with this one is that for some reason it is easier to get virus through email content scanners with RTF documents.

For more information click on one of the reports above.

This entry was posted on May 29, 2007 at 6:13 pm and is filed under Alerts, Attacks, Malware, Phishing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “BBB Phishing”

  1. drapetomaniac Says:
    October 9, 2007 at 2:26 pm

    BBB is leaking customer data and has known since at least August.
    http://drapetomaniacs.com/articles/2007/09/30/bbb-leaks-consumer-and-business-data

Leave a Reply