The webpage claims to be a new Microsoft Outlook Web Access update.
Sample email:
Dear user of the mydomain.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (mymail@mydomain.com) settings were changed. In order to apply the new set of settings click on the following link:
http://mydomains.com/owa/service_directory/settings.php?email=mymail@mydomain.com&from=mydomain.com&fromname=mymail
Best regards, mydomain.com Technical Support
The email subjects which have been used have been:
A new settings for for the mymail@mydomain.com mailbox has just been released
For the owner of the mymail@mydomain.com mailbox
The settings for the mymail@mydomain.com mailbox were changed
In this entire post, remember that where "mymail@mydomain.com" will be replaced by the actual email recipient's userid and domain name.
The websites look like this:
Of course the link is a new version of the Zeus / Zbot trojan.
http://mydomain.com.bertdffe.co.uk/owa/service_directory/settings.php
http://mydomain.com.bertdffe.eu/owa/service_directory/settings.php
http://mydomain.com.bertdffm.co.uk/owa/service_directory/settings.php
http://mydomain.com.bertdffm.eu/owa/service_directory/settings.php
http://mydomain.com.bertdffo.eu/owa/service_directory/settings.php
http://mydomain.com.bertdffw.co.uk/owa/service_directory/settings.php
http://mydomain.com.bertdffw.eu/owa/service_directory/settings.php
http://mydomain.com.nerrasssb.eu/owa/service_directory/settings.php
http://mydomain.com.nerrassso.eu/owa/service_directory/settings.php
http://mydomain.com.nerrasssp.co.uk/owa/service_directory/settings.php
http://mydomain.com.nerrasssp.eu/owa/service_directory/settings.php
http://mydomain.com.nerrassst.co.uk/owa/service_directory/settings.php
http://mydomain.com.nerrassst.eu/owa/service_directory/settings.php
http://mydomain.com.nerrasssu.co.uk/owa/service_directory/settings.php
http://mydomain.com.nerrasssu.eu/owa/service_directory/settings.php
http://mydomain.com.nerrasssw.co.uk/owa/service_directory/settings.php
http://mydomain.com.nerrasssw.eu/owa/service_directory/settings.php
http://mydomain.com.nerrasssx.co.uk/owa/service_directory/settings.php
http://mydomain.com.nerrasssx.eu/owa/service_directory/settings.php
http://mydomain.com.nerrasssy.co.uk/owa/service_directory/settings.php
http://mydomain.com.nerrasssy.eu/owa/service_directory/settings.php
http://mydomain.com.oikkkkua.co.uk/owa/service_directory/settings.php
http://mydomain.com.oikkkkua.eu/owa/service_directory/settings.php
http://mydomain.com.oikkkkuf.co.uk/owa/service_directory/settings.php
http://mydomain.com.oikkkkuf.eu/owa/service_directory/settings.php
http://mydomain.com.oikkkkuh.co.uk/owa/service_directory/settings.php
http://mydomain.com.oikkkkuh.eu/owa/service_directory/settings.php
http://mydomain.com.oikkkkuy.co.uk/owa/service_directory/settings.php
http://mydomain.com.oikkkkuy.eu/owa/service_directory/settings.php
http://mydomain.com.polikka.eu/owa/service_directory/settings.php
http://mydomain.com.polikki.co.uk/owa/service_directory/settings.php
http://mydomain.com.polikki.eu/owa/service_directory/settings.php
http://mydomain.com.polikko.co.uk/owa/service_directory/settings.php
http://mydomain.com.polikko.eu/owa/service_directory/settings.php
http://mydomain.com.polikkp.co.uk/owa/service_directory/settings.php
http://mydomain.com.polikkp.eu/owa/service_directory/settings.php
http://mydomain.com.wsasdec.eu/owa/service_directory/settings.php
http://mydomain.com.wsasdep.co.uk/owa/service_directory/settings.php
http://mydomain.com.wsasdep.eu/owa/service_directory/settings.php
http://mydomain.com.wsasder.co.uk/owa/service_directory/settings.php
http://mydomain.com.wsasder.eu/owa/service_directory/settings.php
http://mydomain.com.wsasdev.co.uk/owa/service_directory/settings.php
http://mydomain.com.wsasdev.eu/owa/service_directory/settings.php
http://mydomain.com.wsasdez.co.uk/owa/service_directory/settings.php
0 comments:
Post a Comment