A few days ago, we reported about a phishing email that is supposedly a Microsoft Outlook notification, telling users to reconfigure their program by clicking on the link provided. Instead of an update, however, the user is redirected to a phishing Web site, where s/he is asked for his/her account information, including incoming and outgoing mail server.

Apparently, this attack was successful as Trend Micro has recently detected a new spam message that uses the same technique:

Figure 1: Spam sample #1

Instead of a malicious link, this message carries a .ZIP file named micr__outlook_update_6556.zip, the contents of which are detected as as TROJ_BRANVINE.D.

The said Trojan connects to dubious Web sites to further download malicious files detected as TROJ_FAKEAV.BGC and TROJ_AGENT.AUBW.

To protect ourselves from such attacks, let’s exercise our best judgement and be careful of opening email attachments, even if they are from individuals or organizations we are likely to trust. An innocent-looking message can very well be a wolf in sheep’s clothing.