Fake BBB SPAM...
FYI...
Fake BBB SPAM / alteshotel .net and bbb-accredited .net
- http://blog.dynamoo.com/2013/03/bbb-...t-and-bbb.html
7 Mar 2013 - "This fake BBB spam leads to malware onalteshotel .net and bbb-accredited .net:
Date: Thu, 7 Mar 2013 06:23:12 -0700
From: "Better Business Bureau Warnings" [hurriese3 @bbb .com]
Subject: BBB details regarding your claim No.
Sorry, your e-mail does not support HTML format. Your messages can be viewed in your browser
Better Business Bureau ©
Start With Trust ©
Thu, 6 March 2013
Your Accreditation Suspended
[redacted]
The Better Business Bureau has been temporary Aborted Your Accreditation
A number of latest complains on you / your company motivated us to temporal Abort your accreditation with Better Business Beaureau. The details of the our decision are available for review at a link below. Please pay attention to this issue and inform us about your glance as soon as possible.
We graciously ask you to overview the TERMINATION REPORT to meet on this claim
-We awaits to your prompt rebound- .
If you think you got this email by mistake - please forward this message to your principal or accountant
Yours respectfully
Hunter Ross
Dispute Advisor
Better Business Bureau
Better Business Bureau
3053 Wilson Blvd, Suite 600 Arlington, VA 25501
Phone: 1 (703) 276.0100 Fax: 1 (703) 525.8277
This information was sent to [redacted]. Don't want to receive these emails anymore? You can unsubscribe
========
Date: Thu, 7 Mar 2013 21:19:18 +0800
From: "Better Business Bureau Warnings" [prettifyingde7 @transfers.americanpayroll .org]
Subject: BBB details about your pretense No.
Sorry, your e-mail does not support HTML format. Your messages can be viewed in your browser
Better Business Bureau ©
Start With Trust ©
Thu, 6 March 2013
Your Accreditation Suspended
[redacted]
The Better Business Bureau has been temporary Aborted Your Accreditation
A number of latest complains on you / your company motivated us to transient Cancell your accreditation with Better Business Beaureau. The details of the our decision are available visiting a link below. Please pay attention to this question and notify us about your belief as soon as possible.
We graciously ask you to visit the ABUSE REPORT to answer on this appeal
- We awaits to your prompt answer. -
If you think you got this email by mistake - please forward this message to your principal or accountant
Faithfully yours
Benjamin Cox
Dispute Councilor
Better Business Bureau
Better Business Bureau
3053 Wilson Blvd, Suite 600 Arlington, VA 24401
Phone: 1 (703) 276.0100 Fax: 1 (703) 525.8277
This letter was sent to [redacted]. Don't want to receive these emails anymore? You can unsubscribe
One potentially malicious payload is at [donotclick]alteshotel .net/detects/review_complain.php (looks like it might be broken - report here*) hosted on:
69.43.161.176 (Parked at Castle Access Inc, US)
The other is at [donotclick]bbb-accredited .net/kill/enjoy-laws-partially-unwanted.php (definitely malicious - report here**) hosted on:
64.207.236.198 (EasyTEL, US)
142.11.195.204 (Hostwinds LLC, US)
149.154.68.214 (TheFirst.RU, Russia) ...
Recommended blocklist:
64.207.236.198
142.11.195.204
149.154.68.214..."
(More detail at the dynamoo uRL above.)
* http://urlquery.net/report.php?id=1302657
** http://urlquery.net/report.php?id=1302670
... Detected live BlackHole v2.0 exploit kit
___
Malware sites to block 7/3/13
- http://blog.dynamoo.com/2013/03/malw...lock-7313.html
7 March 2013 - "Some Cridex-based nastiness here. These are the malicious domains that I can find on the IPs mentioned, alternatively you can just block:
173.246.102.2 (Gandi, US)
173.255.215.242 (Linode, US)
64.13.172.42 (Silicon Valley Colocation, US)
Blocklist:
173.246.102.2
173.255.215.242
64.13.172.42 ..."
(Long list at the dynamoo URL above.)
