
Better Business Bureau Fraud Emails (microsoft.dll / microsoft.exe)

August 28, 2007 by Kazmarek Administrator

There is a phishing attempt circulating that sends emails claiming to be from the Better Business Bureau. The subject line is: “BBB Complaint for {Recipient Name} [Case id: #7dcd4491d93a6cd1f1ac30ad32b4d18d]”. The email that I’ve seen came from “[email protected]”, although I’m sure there are many. The email body looks like this:

=================================================

Dear Mr./Mrs. {Recipient Name} ({Company Name})

You have received a complaint in regards to your business services. Use the link below to view the complaint details:

CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #B48944

Complaint Case Number: B48944
Complaint Made by Consumer Mrs. Marcia E. Worthington
Complaint Registered Against: {Recipient Name} of {Company Name}

Date: 05/14/2007

Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:

CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #B48944

Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:

• Claims based on product liability;
• Claims for personal injuries;
• Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.

The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.

© 2007 Council of Better Business Bureaus, Inc. All Rights Reserved.

=================================================

I apologize for not being able to provide the actual message header; the email message was deleted by the client. This email contains the following link, under the title: “CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #B48944”

http://document-repository.com/redirect.htm?209696923c59b2a19753c85920ddbbb6=435509f28a129 …

This link directs the user to a webpage containing the BBB logo and a single hyperlink:

http://document-repository.com/Complaint_Details_363619942.doc.exe

Upon clicking on the link on this page, a file called “Complaint_Details_363619942.doc.exe” is executed and the following actions are performed:

Files Created:

C:\microsoft.exe (Virus!)
C:\microsoft.dll

Registry Entries Created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: [Win32KernelStart] “C:\microsoft.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce: [Win32KernelStart] “C:\microsoft.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices: [Win32KernelStart] “C:\microsoft.exe”

Registry Keys Changed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier\Application Path: Changed “magnify.exe” to “C:\Microsoft.exe”

The files mentioned above can be removed by first deleting Microsoft.dll, then Microsoft.exe, using a program called Killbox. The registry keys can be deleted manually, but the last one mentioned above must be changed back to its original value of “magnify.exe”.
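To confirm whether a machine still carries these entries, or that cleanup removed them, the registry can be exported and checked offline. The following is an added example, not part of the original post: it parses decoded `.reg` export text (regedit writes UTF-16, so decode it first) and flags autorun values that start an executable directly from a drive root, plus a Magnifier path other than “magnify.exe”. The drive-root rule goes beyond the exact names above, and the `SampleTray` entry is constructed.

```python
import re

# Autorun keys named in the post, matched by suffix so any hive prefix works.
CV = r"\microsoft\windows\currentversion"
AUTORUN_SUFFIXES = (CV + r"\run", CV + r"\runonce", CV + r"\runservices")
MAGNIFIER_SUFFIX = r"\accessibility\utility manager\magnifier"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# An executable sitting directly in a drive root, e.g. C:\microsoft.exe
ROOT_EXE_RE = re.compile(r'^"?[a-z]:\\[^\\/"]+\.exe\b', re.IGNORECASE)

# Constructed sample in .reg export syntax: the values listed in the post
# next to one benign, made-up entry (SampleTray).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SampleTray"="\"C:\\Program Files\\Sample\\tray.exe\" /min"
"Win32KernelStart"="C:\\microsoft.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Win32KernelStart"="C:\\microsoft.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier]
"Application path"="C:\\Microsoft.exe"
'''

def triage(reg_text):
    """Return (key, value_name, data, reason) findings from .reg export text."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue  # header, blank line, or non-string value (dword:, hex:)
        # Undo .reg escaping of backslashes and quotes in the name and the data.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        k = key.lower()
        in_magnifier = k.endswith(MAGNIFIER_SUFFIX) and name.lower() == "application path"
        if k.endswith(AUTORUN_SUFFIXES) and ROOT_EXE_RE.match(data):
            findings.append((key, name, data, "autorun starts an executable in a drive root"))
        elif in_magnifier and data.lower() != "magnify.exe":
            findings.append((key, name, data, "Magnifier path is not magnify.exe"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

An empty result after cleanup means the autorun values are gone and the Magnifier path is back to its original value.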
