Sophos Cloud Optix
Yesterday, my colleague Graham Cluley blogged about a phish campaign claiming to be a “Microsoft Outlook Notification”. The messages contained a phish link to microsoft.com.outlook.[deleted].org:
Today, we see a redux of the campaign, this time with a malware attached to the message:
Notice how similar the two messages are. Instead of the phish link seen in yesterday’s campaign, today’s spam includes one nasty surprise in the form of a zip file named “micr__outlook_update_6556.zip”. Fortunately, the spam messages are detected by our anti-spam signatures and the zip file’s contents are detected as Mal/FakeVirPk-A. Judging from the detection name, the zip file likely includes a program associated with the fake anti-virus packages that have been causing headaches for some time.
As readers of this blog are security conscious, you probably wouldn’t open up an unknown zip file. For less tech-savvy users of Microsoft Outlook however, this “Outlook update” could cause havoc with their system.