WHAT:

A new “Better Business Bureau” computer virus is making the rounds. The virus arrives via an e-mail message customized to include the recipient’s name and company name in the body of the message, which claims to be notice of a Better Business Bureau complaint about the company.

WHO:

Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham (UAB), has investigated the virus. Warner researches spam, phishing and cybercrime issues and teaches computer security and forensics classes for the UAB departments of Computer and Information Sciences and Justice Sciences. “When the spam recipients click on the link in the e-mail, they are taken to a very personalized Web site,” Warner said, speaking from the e-Crimes Researchers Summit at Carnegie Mellon University.

“It’s very likely to trick people, since the Web site will give their name and e-mail address when they visit it,” Warner said. Cybercriminals “personalize” the spam messages with a “Base64 Encoded” string of letters and numbers. When the Web server receives this query, it decodes this string and uses the spam recipient’s real name and company name, which makes the Web page seem more believable.

Information about the virus has been shared with anti-virus companies and the appropriate authorities, he said. Warner found only seven of 29 anti-virus products tested were able to detect this program as a virus, underscoring the need for public awareness on the tactics of cybercriminals.