Important!
Do not exclude the outlook.exe process or the entire C:\Users\%username%\AppData\Local\Microsoft\Outlook\ folder. This will exclude too much and significantly increases the attack surface for malware on your computer.
According to ZeusMuseum, first versions of Zeus were observed in 2006-2008. Later, in 2011 its source code leaked. As a result, new versions and variants appeared. One of the Zeus successors named Zloader appeared at the turn of 2016 and 2017. Finally, another successor named Silent Night appeared in 2019. It was for sale on the underground market.
The earliest version of this variant we found has a SHA256:
384f3719ba4fbcf355cc206e27f3bfca94e7bf14dd928de62ab5f74de90df34a
Timestamp 4 December 2019 and version number 1.0.2.0. In the middle of July 2021 the version 2.0.0.0 was spotted.
The cheap server name is going to be in the header, you can't avoid it - at the very least it will show mail.yourdomain.com handed the message off to smtp.cheap-host.com. If you can change it in outlook, that works, but if your host doesn't have a general smtp address you would need to use the hosts file.
I don't get it. I have 5 accounts in outlook, and for EVERY ONE of them I keep getting these popups, tried everything, and these 'instructions' are very vague: if it says 'imap.gmail.com' do I then have to install it? or ping it first? or ping what server? This doesn't solve anything, each time I reopen outlook, the alerts are back...pfff
d0d94e66b7