SCAM ALERT - Ongoing BBB Phishing Scam (UPDATE)

1/22/2012

Businesses and consumers have been aggressively targeted by phishing scammers using the BBB's good name to lure victims into downloading malicious content onto their computers.

(For more details on this phishing scam visit http://vi.bbb.org/article/scam-alert---ongoing-bbb-phishing-scam-32080)

The Council of Better Business Bureaus has engaged a phishing deactivation service to shut down websites that are hosting malware. To date, we have shut down or disabled approximately 50 sites that were involved in this widespread phishing scam. Deactivating the websites set up by the scam artists ensures that recipients who click on the link in the scam emails won’t have a virus loaded onto their computers. It does not, however, prevent the emails from going out in the first place.

Protect Yourself

Anyone who received the fake BBB email and clicked on one of the links prior to the deactivations, and who didn’t have adequate antivirus protection, was likely infected. The particular virus at play is known as “Zeus” or “Zbot” and is a “Trojan Horse” or spyware virus that downloads onto a recipient’s computer and harvests confidential and personal data without detection. According to the FBI, one criminal organization used Zeus to collect $70 million from victims. It is imperative that anyone who believes their computer may have been infected do a security analysis and have the malware eradicated.

This particular malware first surfaced back in 2007. Symantec published an antivirus signature in 2010. A link to the Symantec description of the virus is provided below. Please ensure that your antivirus protection services cover Zeus/Zbot.

From Symantec’s website (aka Norton Anti-Virus): http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99

From the FBI’s Internet Crime Complaint Center (IC3). The Council has reported the BBB phishing scam to IC3, and they have included our scam in the following alert: http://www.ic3.gov/media/2010/corporateaccounttakeover.pdf

Protect Your Business Networks

We have consulted with cyber security experts who have informed us that even when an organization has antivirus protection in place, there is still potential on occasion for the virus to infiltrate a network. This can happen under the following circumstances:

• The antivirus is disabled or misconfigured by the end user
• The antivirus definitions are not updated
• The network layer spam filter and web filter are not present or not updated


Our cyber security experts have provided us with the following recommendations that your business should also implement as appropriate:

• Implement a spam filter appliance that processes all email before reaching the internal mail server.

• Make sure the spam filter has the ability to scan for malware.

• Implement a web proxy filter that inspects all Internet traffic before leaving the local network.

• Implement a centralized antivirus solution that:

1. forces daily updates to the client systems, including both antivirus version updates and antivirus signature updates; and

2. prevents users from disabling or modifying settings for the AV service.

• Implement workstation access privilege policies whereby end users do not have administrative level access to their local system. Malware is generally limited in what damage it can cause to a system when the local user does not have administrative level access.
