Websense® Security Labs(TM) has received reports of a new variant of an
email attack that was originally launched early this year. The spoofed
email purports to be from the Better Business Bureau (BBB). The message
claims that a complaint has been filed against the recipient’s company.

the email attack contained an attachment that the victim would need to
open in order to become infected. The new variant is slightly different.

new message uses a tactic employed by other, more-successful email
attacks, such as the recent Storm worm. Instead of including an
attachment in the email, the body of the email contains a link to an
external Web site from which the payload is downloaded if the link is
accessed. This method allows the attack to bypass many attachment
filters at the email gateway.

Link to our previous BBB alert:

Details …