Industry News April ~ June 2007

 
Spam targets Better Business Bureau
Monsters and Critics, May 28, 2007, by Steve Ragan

There is more information on the earlier story about the Better Business Bureau scam that is circulating online. New research from SecureWorks reports that over 1,400 companies have now fallen victim to the fraud.

In February, the Better Business Bureau (BBB) reported information on an e-mail with false return addresses of either operations@bbb.org or consumercomplaints@bbb.org, which included a hyperlink citing a BBB complaint case number. When clicked, the links directed users to a subdirectory where they were asked to download documents related to the complaint. The download was actually malware.

The report from SecureWorks outlines the attack and details how it is accomplished. As previous reports mentioned, the e-mail scam looks legitimate. The attackers have gone to great lengths to ensure that the e-mail looks almost exactly like the real complaint letters sent out. Unlike the first round of letters dispatched earlier this year, the e-mails are now cleaned up and personal in nature.

SecureWorks outlines the scam warning, describing it as a "Highly-targeted attack - aimed at specific executive-level company managers." It steals all interactive data sent from the victim's IE browser to remote websites. The theft takes place using a Browser Helper Object (BHO), which accesses the data before it is secured over an SSL tunnel and sends it to the remote server. "One stolen data repository located. As of Friday, May 25, there are 1,400 victims and 145 megabytes of data in the repository. Approximately 70 megabytes of data is being collected daily," said SecureWorks.

"The email is tailored to the victim, including their full name, email address and company name in the false complaint. From the data we've gathered, it appears that the attacker is targeting upper-level managers at a wide variety of companies. This data is easily culled from corporate websites or from business-networking services," reports Joe Stewart in his report for SecureWorks. "The attacker is clearly looking to target the most likely people within the company who might be tasked with responding to customer complaints at an escalated level. These targets are also the more likely to have the kinds of accounts that the fraudster can reap the most benefit from."

The attack is unique because it appears to be targeted, unlike other phishing scams that send out massive, blind e-mail runs hoping to catch someone unaware (sending millions of e-mails aimed at one bank, for example, instead of attempting to target users of that specific bank). Aiming the BBB attack at high-level executives, and targeting it to certain companies, is a new twist.

Adding to the twist, this scam uses malware that attempts to capture everything. "In this way they get banking credentials, company and other website logins, plus other information that they might have had no way of knowing the value of in advance," Stewart said. "SSL encryption is of no use to stop the theft of sensitive data, since the browser helper object intercepts the request before it is encrypted. Fortunately, only Internet Explorer is capable of loading the BHO, so users of other web browsers are not affected in this case."
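Because the theft depends on a BHO being registered with Internet Explorer, an administrator can audit which BHOs a host loads. The PowerShell below is an added example, not part of the original article or the SecureWorks report; it assumes the standard machine-wide BHO registration keys and reports each registered DLL with its Authenticode status so that an unexpected or unsigned entry stands out.

```powershell
# Added example: audit Internet Explorer Browser Helper Objects (BHOs).
# Assumption: BHOs are registered under the standard HKLM keys, in both the
# native and the 32-bit (WOW6432Node) registry views. Run in Windows PowerShell.
$views = @(
    @{ Arch = 'native'; Soft = 'HKLM:\SOFTWARE' },
    @{ Arch = 'WOW64';  Soft = 'HKLM:\SOFTWARE\WOW6432Node' }
)

$results = foreach ($v in $views) {
    $bhoKey = Join-Path $v.Soft 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
        # Each subkey name is the CLSID of a COM class that IE loads at startup.
        $clsid  = $entry.PSChildName
        $server = Join-Path $v.Soft "Classes\CLSID\$clsid\InprocServer32"

        # Resolve the CLSID to the DLL that implements it.
        $dll = $null
        if (Test-Path -LiteralPath $server) {
            $raw = (Get-ItemProperty -LiteralPath $server).'(default)'
            if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"') }
        }

        # Check the file on disk and its code signature.
        $sig = $null; $file = $null
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $file = Get-Item -LiteralPath $dll
            $sig  = Get-AuthenticodeSignature -FilePath $dll
        }

        [pscustomobject]@{
            View      = $v.Arch
            CLSID     = $clsid
            Dll       = $dll
            Modified  = $file.LastWriteTime
            Signature = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}

# Unsigned or unresolved entries sort to the top for review.
$results | Sort-Object { $_.Signature -eq 'Valid' }, Modified |
    Format-List View, CLSID, Dll, Modified, Signature, Signer
```

A valid signature only identifies the publisher; entries still need to be compared against the software the organization expects on that host.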

The full SecureWorks report is online at their website. They have advised IT administrators to apply the following Snort rule for an added layer of protection.

 
Copyright © 2008 BrandMail Solutions, Inc. All rights reserved.