Malware SPAM: Outlook Setup Notification - micr__outlook_update_6556.zip inside Outlook Setup Notification.zip

Another malware SPAM today is a fake email that will try to trick the recipient to install a fake Microsoft Outlook setup file (micr__outlook_update_6556.exe) which is attached in the email:

You have (1) message from Microsoft Outlook.

Please re-configure your Microsoft Outlook again.

Download attached setup file and install.

21 out of 39 malware scanners will identify the file as malicious:

http://www.virustotal.com/analisis/8d20dae6b583f53fc7f454b03576201880c172515b95a1fc75169b249d15b4ab-1243969226 (hhmm the link is not working anymore!) Anyway, the screenshot is at Calendar of Updates forum:

http://www.calendarofupdates.com/updates/index.php?showtopic=19927

Published Tue, Jun 2 2009 20:25 by donna

Comments

Wednesday, June 03, 2009 12:44 PM by Konos

# re: Malware SPAM: Outlook Setup Notification - micr__outlook_update_6556.zip inside Outlook Setup Notification.zip

Does anyone know what this does when you run it? I have a user that ran it (twice in fact) but the only trace of anything I can find is a couple of folders with some decompressed files in it. (ie. micr__outlook_update_6556.exe along with a .class file and some others)

TrendMicro doesn't pick it up (nor does its housecall) and Spyware Doctor doesn't appear to find anything specifically relating to it either.

Is there a way of telling if it is not longer present on the PC? (I deleted the affected folders)

Wednesday, June 03, 2009 2:32 PM by donna

# re: Malware SPAM: Outlook Setup Notification - micr__outlook_update_6556.zip inside Outlook Setup Notification.zip

I suggest to run any of the following online scanners to check if there's any instances of the above malware.  Both scanners below has option to remove what it'll find.

A-squared Malware Web scanner: www.emsisoft.com/.../ax

ESET Online scan: http://www.eset.com/onlinescan

Tuesday, June 16, 2009 10:33 AM by Tim McGee

# re: Malware SPAM: Outlook Setup Notification - micr__outlook_update_6556.zip inside Outlook Setup Notification.zip

Beware! This email can also come in the form of a hyperlink to download a EXE to fix Outlook. If you look at the hyperlink it redirects you to a website that is outside of the US. The site has a ru Extention.