Household improvement emails come with Zbot malware

Household improvement emails come with Zbot malware

There’s a malicious email in circulation which claims to contain an invoice from a Kitchen Appliance company.

According to another recipient of the mail, the named company is actually a real business entity although there’s no suggestion that they’ve been hacked or otherwise compromised – it seems the scammers just opened up a directory, said “That one” and just started pretending to be them.

The mail reads as follows:

M & M Kitchen Appliances – INV211457

Thank you for your recent purchase (REF: INV211457).

Please find a copy of your invoice attached to this email.

Kind regards Nuala


Fake Kitchen Mail

Depending on your email service, you may find the mail flagged as junk and / or the zipfile attachment flagged as malicious and blocked as a download.

The email comes with a .zip attachment, which contains a piece of malware known as Zbot.

Zeus (aka Zbot) is something to be avoided, as it can lead to banking password theft, form grabbing, keystroke logging and ransomware.

The zip contains an executable made to look like a Word .doc file, which is a trick as old as the hills yet extremely effective where catching people out is concerned. Telling Windows to display known file extensions will help to avoid this particular pitfall.

Users of Malwarebytes Anti-Malware will find we detect this as Trojan.Spy.Zbot, and the current Virus Total scores currently clock in at 29 / 54.

As a final note of caution, there’s another mail doing the rounds which spoofs the same email address mentioned above, yet claims to be sent from a toiletries company.

If you’ve bought any form of kitchen / household upgrade or addition recently and receive mails with zipped invoices, you may not recall exactly who you bought all of your items from.

With that in mind, you may wish to have a look at your receipts and bank statements, and – on the off-chance the randomly selected company named in the spam mails matches up – give them a call directly to confirm they really did send you something.

There’s a good chance they probably didn’t, and no laminated sideboard is worth the trouble caused by a PC hijack.

Christopher Boyd


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.