Another day, another spam campaign leading to the Blackhole Exploit Kit.
Date: Wed, 7 Dec 2011 08:33:03 +0000
From: “::Better Business Bureau::” [risk.manager@bbb.org]
Subject: Complaint from your customers
Attachments: bbb_logo.jpg
Attn: Owner/Manager
The Better Business Bureau has been sent the above mentioned complaint from one of your customers on the subject of their dealings with you.
The detailed information about the consumer’s concern is explained in enclosed document.
Please review this matter and notify us of your position.
Please click here to reply this complaint.
We look forward to your prompt reply.
Yours faithfully,
Shawna Dennis
Better Business Bureau
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
A link in the email goes to a legitimate but hacked site, from which users are forwarded to billycharge.com on 79.137.237.63. This IP belongs to Digital Networks CJSC in Russia (aka DINETHOSTING), a wholly black hat operation – you should block access to 79.137.224.0/20 if you haven’t already done so. The Wepawet report is here. VT shows 0/43 detections for the exploit page, although the downloaded malware should tickle at least some scanners.
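To check whether anyone on your network has already followed the link, the two indicators above (the billycharge.com host and the 79.137.224.0/20 range) can be matched against web proxy logs. This is an added example, not part of the original post; the five-field log format, the function names and the sample lines are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post above.
BLOCKED_NET = ipaddress.ip_network("79.137.224.0/20")
BLOCKED_HOSTS = {"billycharge.com"}

# Constructed sample log (assumed format: timestamp client_ip dest_ip method url).
SAMPLE_LOG = """\
2011-12-07T08:41:12Z 10.0.0.15 93.184.216.34 GET http://example.com/index.html
2011-12-07T08:41:15Z 10.0.0.15 79.137.237.63 GET http://billycharge.com/
2011-12-07T08:52:40Z 10.0.0.22 79.137.239.1 GET http://79.137.239.1/
2011-12-07T09:03:01Z 10.0.0.31 79.137.240.5 GET http://example.net/
2011-12-07T09:10:44Z 10.0.0.40 203.0.113.9 GET http://www.billycharge.com./x
not a log line
"""

def host_blocked(host):
    """True if host is a blocked domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")  # normalise case and trailing dot
    return any(host == d or host.endswith("." + d) for d in BLOCKED_HOSTS)

def find_hits(log_text):
    """Return (client_ip, dest_ip, reason) for every request matching an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than failing the whole run
        _ts, client, dest, _method, url = parts
        try:
            dest_ip = ipaddress.ip_address(dest)
        except ValueError:
            continue
        reasons = []
        if dest_ip in BLOCKED_NET:  # covers 79.137.224.0 through 79.137.239.255
            reasons.append("ip")
        if host_blocked(urlsplit(url).hostname):
            reasons.append("host")
        if reasons:
            hits.append((client, dest, "+".join(reasons)))
    return hits

if __name__ == "__main__":
    for client, dest, reason in find_hits(SAMPLE_LOG):
        print(f"{client} -> {dest} matched on {reason}")
```

Matching on both the host name and the address range catches requests where the domain has moved to another IP as well as requests to other hosts inside the same /20.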
Leave a reply
One of my clients received this email, a couple of them actually, with different names in the “from”