The spam messages do their best to entice users to click the embedded hyperlinks by claiming that their BBB accreditation has been terminated due to consumer complaints. However, recipients should be able to tell that the email is a fake since it is riddled with mindless grammar & spelling mistakes. (“Beaureau”? Really?)
Below are two variants that are currently circulating:
Your Accreditation Terminated
The Better Business Bureau has been temporary Terminated Your Accreditation
A number of latest complaints on you / your company motivated us to transitory Abort your accreditation with Better Business Beaureau. The information about the our decision are available for review at a link below. Please pay attention to this question and let us know about your mind as soon as possible.
We kindly ask you to visit the SUSPENSION REPORT to respond on this claim
We are looking forward to your prompt response.
If you think you got this email by mistake – please forward this message to your principal or accountant
Better Business Bureau
Your accreditation with [COMPANY] was Terminated
A number of latest complaints on you/ your company motivated us to transient Abort your accreditation with Better Business Beaureau. The details of the our decision are available at the link below. Please give attention to this problem and notify us about your mind as soon as possible.
We pleasantly ask you to overview the ABORT REPORT to reply on this situation.
If you think you received this email by mistake – please forward this message to your principal or accountant
We are looking forward to your prompt reaction.
Looking for info on additional ways your BBB Accreditation can boost your business? Visit the BBB SmartGuide.
– Online Communication Specialist
bbb.org – Start With Trust
Users who make the mistake of following one of the links in the emails shown above will be directed to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to take advantage of system vulnerabilities in order to drop Worm:Win32/Cridex.E on the visiting machine.
Upon infection, Cridex will modify the system registry to ensure it executes whenever Windows starts, inject itself into a variety of running processes, connect to a remote server to provide an attacker remote control, and copy itself to any removable drives attached to the affected system.
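A mail filter can check for the two giveaways in these messages: the wording of the lure and a "report" link that claims to be from the BBB but leads to a third-party host. The sketch below is an added example, not part of the original post; the phrase list comes from the variants quoted above, while the sample message, its host names and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording taken from the two variants quoted above; the host names are constructed.
LURE_PHRASES = ("beaureau", "suspension report", "abort report", "abort your accreditation")
TRUSTED = "bbb.org"  # domain of the organisation the message claims to come from
SAMPLE = ("From: Better Business Bureau <alerts@mailer.example.test>\n"
          "Subject: Your Accreditation Terminated\n"
          "Content-Type: text/html; charset=utf-8\n\n"
          "<p>A number of latest complaints motivated us to transitory Abort your "
          "accreditation with Better Business Beaureau.</p><p>We kindly ask you to visit the "
          '<a href="http://landing.example.test/r">SUSPENSION REPORT</a></p>\n')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def off_domain(href):
    """True when the link has a host that is neither TRUSTED nor a subdomain of it."""
    host = (urlparse(href).hostname or "").lower()
    return bool(host) and host != TRUSTED and not host.endswith("." + TRUSTED)

def triage(raw_message):
    """Return the reasons a raw RFC 822 message resembles the lure described above."""
    msg = message_from_string(raw_message)
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    collector = LinkCollector()
    collector.feed(html)
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    reasons = [f"lure phrase: {p}" for p in LURE_PHRASES if p in text]
    if "better business" in text or "bbb" in msg.get("From", "").lower():
        reasons += [f"link text {t!r} points to {urlparse(h).hostname}"
                    for h, t in collector.links if off_domain(h)]
    return reasons
```

Calling `triage(SAMPLE)` returns three phrase hits plus the off-domain link; a message whose only links stay on bbb.org and that contains none of the phrases returns an empty list.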
Keep Your PC Safe!
Given that this threat requires user interaction, avoiding it should be relatively simple.
- Manually type in the URL of the website you wish to visit instead of clicking links in emails, especially if they are unsolicited.
- Do not download or open any files attached to unsolicited emails (or at least be sure to scan them first).
- Always keep your operating system and installed third-party software patched and up to date.
- Always run antivirus software that offers real-time scanning and keep the virus definitions current.
Did you already click the link in an email similar to the ones above?
Hopefully you’re running one of the 19 antivirus programs capable of detecting the Cridex worm, because you’re going to need to perform a system scan to detect and remove the infection. Hop to it!