A spam email claiming to come from the Better Business Bureau (BBB) infects recipients with malware, Sophos security researchers warn.
The emails vary in their wording, but all claim that a consumer has complained about the company receiving the email. The details of the complaint, naturally, are contained inside the attached "BBB Report.zip" file (which, of course, contains malware).
One of the spam mails:
Dear Sirs,
The Better Business Bureau has got the above mentioned complaint from one of your clients regarding their business relations with you.
The details of the consumer's concern are presented in enclosed document.
Please review this issue and let us know about your point of view.
Please open the ATTACHED REPORT to respond this complaint.
We look forward to your urgent attention to this matter.
Sincerely yours,
[name]
Dispute Counselor
Better Business Bureau
Sophos security solutions detect the malware as Mal/BredoZp-B and Troj/Zbot-BUS.