Complaint from Better Business Bureau really contains malware attack

Filed Under: Malware, Spam

Better Business BureauThe Better Business Bureau (BBB) is well known in North America for championing consumer rights, so if you run a company in the United States or Canada and receive a complaint from the organisation chances are that you will want to take it seriously.

Which is precisely what the cybercriminals behind the latest malware attack being spammed around the world are banking on.

Email messages have been sent to addresses around the world, posing as a communication from the BBB.

Here's a typical example (click on the image below for a larger version):


Here is the full text of the message:


The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.

As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.

In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by December 11, 2012. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.

The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.

We encourage you to print this complaint (attached file), answer the questions and respond to us.

We look forward to your prompt attention to this matter.


The Better Business Bureau Complaint Department

You can probably understand that some firms (who don't employ security-savvy staff like yourself) might be tempted to open the attached file.

Sophos security products detect the attached malware as Troj/Agent-ZGD - a Trojan horse designed to take remote control of your Windows computer, and allow a remote hacker to gain access and steal information or install more malware onto your PC.

If you use a security product from a different vendor, you should check that your systems are properly protected from this attack.

We've seen similar malware attacks in the past which pose as messages from the Better Business Bureau. If you receive one either now, or in the future, please exercise caution.

, , ,

You might like

5 Responses to Complaint from Better Business Bureau really contains malware attack

  1. Freida Gray · 1028 days ago

    I don't think that the Better Business Bureau actually has anything to do with resolving complaints between a consumer & a company.I think they just keep a record of which companies have had complaints against them & only then if consumers turn the complaint in to them.At any rate,they won't try to resolve one complaint from a customer

  2. Ken Uhlik · 1027 days ago

    Usually,you complain to them,not the other way around.Then they phone you with solutions.When i see "fake mail" I DELETE IT.
    I am also getting messages from Fedex about a package at the US Post office(i have a regular postal address that they could have used)I know it is a scam.I don't open their attachments.JUST DELETE THEM.

  3. gene jacobson · 1027 days ago

    Does anyone know if the BBB ever does communicate with businesses or consumers via email? The only dealings I've had with them have been forms filled out at their website, all responses, so far have been through regular mail. They do query businesses but I don't think they mediate. A state attorney general may do that, have done in my case, and the BBB has been helpful too. But I'd never open an attachment I wasn't expecting from anyone - before your AG or the BBB sends you anything, they speak with you. People still need to know the basic rules, never open an attachment you didn't know was coming. And have a good malware/antivirus program running at all times!

  4. Max · 1027 days ago

    I picked up a Trojan backdoor installer program from an email like this. All I did was to collect my email from a pop3 account using Thunderbird. AVG2013 was installed but was not able to scan the email communication as it was encrypted. I opened the BBB email in Thunderbird, but did not click on it. So is opening an infected email like this enough to infect a windows machine?

  5. MikeP_UK · 1027 days ago

    Addresses in the UK have been getting BBB, USPS, Fedex fake emails for more than two years. For us outside the USA it's obvious they are a scam, so should be deleted immediately without being opened.
    Those in the US should be a bit cautious and use the normal approach of doubt in the first instance.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley