Wednesday, October 14, 2009

Targeted URLs in spam . . .OWA Settings update

All of our trap domains are seeing a new spam campaign today where the website being spammed actually SEEMS to be the email recipient's own domain.

The webpage claims to be a new Microsoft Outlook Web Access update.

Sample email:

Dear user of the mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox ( settings were changed. In order to apply the new set of settings click on the following link:

Best regards, Technical Support

The email subjects which have been used have been:

A new settings for for the mailbox has just been released
For the owner of the mailbox
The settings for the mailbox were changed

In this entire post, remember that where "" will be replaced by the actual email recipient's userid and domain name.

The websites look like this:

Of course the link is a new version of the Zeus / Zbot trojan.

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.