This malicious e-mail campaign, with subject line "Account Verification" has been discovered by the security experts from Websense Security Labs ThreatSeeker Network. They have observed over 100,000 such messages as of June 22, 2010, as per the news published by Websense security labs BLOG on June 22, 2010.

The bogus e-mail asks recipients to confirm their Digg.com account. It also asks them to click on a given link to reset their account password. Once they click on the link, they are redirected to some malicious website.

According to Websense, there are two such malicious Web links in the e-mail. The first one redirects user to a website that pushes user to download a Trojan file while the second one (contained in an iframe) redirects user to an exploit-laden website.

According to the reports, 12 out of 41 anti-virus vendors at Virus Total have been able to detect the Trojan file as potentially harmful or malicious. From these, Microsoft, Kaspersky and Sophos have detected and named it as PWS:Win32/Zbot.gen!W, Packed.Win32.Krap.ao, and Trojan.Win32.Generic.pak!cobra respectively. Other anti-virus vendors have christened it with different names.

The downloaded Trojan file's size is found to be 90624 bytes while its MD5 is 7a5bdb91c7df180b93aa8c957089bdb6.

The security experts, thus, advised users that the best thing to do in such a situation is to delete these e-mails without even reading them. However, if a recipient feels that the e-mail received by him is not a part of the scam, they should be fully ensure about the authenticity of the e-mail before clicking on any part of the mail or the files attached with the mail. They also asked recipients to ensure that their anti-virus software or anti-spam filters are updated from time-to-time, which will help in blocking such attacks in the first place.