New very dangerous Better Business Bureau targeted attack

Last night, I got this targeted Better Business Bureau spam:

http www sunbelt software com ihs alex bbbspam32148812438888 thumb jpg

It’s targeted, like a similar one we saw in the past.

However, in the previous version, a document was attached, that used an embedded OLE in an RTF document. You had to actually go through some hoops to get infected.

This one is different. It points you to a website called “document-repository(dot)com”, which pushes you into downloading a file, Complaint_Details_363619942.doc2.exe.

http www sunbelt software com ihs alex documentrepository123888123 thumb jpg

http www sunbelt software com ihs alex documentrepository223888123 thumb jpg

The file, of course, is a trojan (Sunbelt Sandbox report here). Submitting the file to VirusTotal shows mediocre detection.