An increasingly common attack program by vicious hackers aimed at infecting the computers of small businesses reached a crescendo when the Better Business Bureau was used as a Trojan Horse.
The Better Business Bureau network was the target of a "spoofing" scam in which thousands of businesses in the United States and Canada received e-mails encouraging them to download what is thought to be a computer virus.
The e-mails, using the name of the 95-year-old network of nonprofit groups that looks into consumer complaints, told businesses that they were the subject of a complaint and included a link to view related documents. Clicking on the link, however, accessed the address book of an infected computer and distributed the counterfeit e-mail to more recipients, said Steve Cox, spokesman for the Council of Better Business Bureaus.
The council is the umbrella group for the system's 129 local branches, which are funded by member businesses.
BBB members and nonmembers received the e-mail.
Confused business owners began calling the council's offices in Arlington at 6 a.m. the day of the attack and by mid-morning, the organization had confirmed the attack was widespread.
"It is the first time in recent memory where we've had an attack on this scale," Cox said.
The counterfeit e-mails were traced to an advertising firm in Kennesaw, Ga., that had had its computer system hacked into Monday night, Cox said. The agency had no prior affiliation with the BBB.
The Council of Better Business Bureaus warned recipients not to open any e-mail that contains a return address of "firstname.lastname@example.org" or a link citing a complaint case number, such as "Documents for Case #263621205."
Small businesses are increasingly being subjected to more sophisticated attacks using the cover of organizations such as the BBB to get employees to open the emails. Once opened, the emails spread the virus.
Home-office businesses are particularly vulnerable to these attacks, which experts say are increasing.