Malicious Software Plays on Legal Fears

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Hackers are trying to play on business' fear of legal action from customers to trick them into downloading a harmful program distributed through e-mail.

The e-mails purport to come from the Better Business Bureau Inc., an organization that monitors and arbitrates disputes between consumers and businesses in the U.S. and Canada. The e-mails assert that a customer lodged a complaint against the recipient's business, according to a warning on the Web site of Websense Inc., a security vendor.

The e-mails contain a Microsoft Word attachment with the text of the supposed complaint and instructions for how to respond. But embedded in that document is a keylogging program that captures data on the victim's computer and then uploads it to a server in Malaysia.

The keylogger is purposely mislabeled with a ".pdf" extension -- Portable Document Format -- another widely used document format, to make it look harmless, said Henry Gonzalez, Websense's senior security researcher.

The trick is another variation of so-called "social engineering" methods used by hackers, which entice users to unknowingly install harmful programs on their computers.

A Better Business Bureau branch warned of a similar kind of attack in February. At that time, the e-mails contained hyperlinks to malicious Web sites. Some kinds of malicious software can be installed on a user's computer merely by viewing a site engineered to exploit a vulnerability within a Web browser.

The latest attack, using the Word document as the delivery vehicle for the malicious software, is a tactic hackers are increasingly employing.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon