ESET Ireland has detected another threat targeting Irish businesses. Emails are being received by .ie email addresses, with an infected attachment and an official looking complaint notification:
Subject: FW : Complaint – 5458414
Date: Mon, 17 Jun 2013 11:52:35 -0600
From: Dun & BradStreet <email@example.com>
New Complaint : 5458414
Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position. In the interest of time and good customer relations, please provide the DnB with written verification of your position in this matter by June 28, 2013. Your prompt response will allow DnB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Dun & Bradstreet develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file), answer the questions and respond to us. We look forward to your prompt attention to this matter.
To ensure delivery of Dun & Bradstreet Credibility Corp. emails to your inbox and to enable images to load in future mailings, please add firstname.lastname@example.org to your email address book or safe senders list.
© 2012 Dun & Bradstreet Credibility Corp.
Dun & Bradstreet Credibility Corp. 103 JFK Parkway, Short Hills, NJ 07078
The fake notice asks the receiver to open an attachment (Case_06172016DNB.zip), print the complaint and respond before June 28th, but the attachment contains an .exe file, that is actually malware, detected by ESET as Win32/PSW.Fareit.a, a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.
Receivers of this and similar emails are advised to mark them as spam and not open any attachments in emails from unverified sources, no matter how official they look.