zbot scam email

Discussion in 'Email Support' started by cdog, Jan 9, 2010.

  1. cdog

    cdog Perch

    One of my customers received this email today from

    Dear user of the customers domain name mailing service!

    We are informing you that because of the security upgrade of the mailing service your mailbox (users email address) settings were changed. In order to apply the new set of settings click on the following link:

    http: //users domain name/owa/service_directory/settings.php?email=user@users_email_address&from=users domain name&fromname=email_user_name

    I found some additional info here blog.mxlab.eu/2009/10/14/zbot-variant-masked-as-settings-file-for-ms-outlook/
    and thought it may be useful to other people that are unaware of it, I sure wasnt....
  2. Stephen

    Stephen US Operations Staff Member

    We got reports of several others getting this too, don't do it!
  3. nzkiwi

    nzkiwi Perch

    blog.mxlab.eu/2009/10/14/zbot-variant-masked-as-settings-file-for-ms-outlook/ reports "the email comes from suport@****.com where **** stands for the domain that is being used in the recipient email address". However I have now seen examples that come from "info@****". So there's likely to be other addresses used as well.

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services