Microsoft Outlook Notification Scam Email

Microsoft Outlook Notification for the kjy@kenkai.com

I wrote yesterday about the New Settings File email scam and I received a variation this morning that will likely catch even more people out - so read on and beware.

The new Microsoft Outlook Notification scam emailĀ  tells you that you have six messages and you need to re-configure Microsoft outlook again, by installing the attached set-up file. The email is short and to the point and appears to be an internal memo email, as it comes from your own email address. It would be easy to open the zip file, just because you are inquisitive - DON’T DO IT!

The email details:

Microsoft Outlook Notification for the kjy@kenkai.com

Support [kjy@kenkai.com]

Sent :Thu 15/10/2009 06:38

To kjy@kenkai.com

Attachment install.zip (12kb)

You have (6) New Message from Outlook Microsoft

- Please re-configure your Microsoft Outlook Again.

- Download attached setup file and install.

The zip file will contain malware - perhaps a trojan or a worm, or it may simply ask you to fill details into a form - whatever it does, don’t open it. Simply delete it. Don’t send it to anyone, don’t show it to anyone, it just needs to be deleted and then move on with your life.

If you receive a Microsoft Outlook Notification email, or similar scam emails, take the time to leave a comment as we’d love to hear about them and you could help prevent somebody from opening the zip file and costing themselves time, money and a lot of grief. Have a fabulous day!

22 Responses to “Microsoft Outlook Notification Scam Email”

fs Says:

I came to work this morning to find several colleagues inc. myself with this email. I started doing checks/scans on the mailserver but could not find anything untoward. Any idea how these are generated, they have the correct email addresses which makes me wonder if its something within the network.
They cull the email addresses off the net and spam that they send is simply set so that the “from” email address appears the same as the “to” address. BM

Stargazer Says:

I have even spotted those messages on various mailing lists which *definitively* do not have outlook installed.

Remember kids: never do this at home on your windows box as it can lead to a virus outbreak if you don’t know exactly what you’re doing.

The ZIP file contains a file named install.exe which is more or less just another archive containing a few more files which are as follows:

.text, .rdata, .data, .tls and .edata

A more in deep analysis would be required, but I was seeing parts in those files saying “FuC1.FuC1.FuC1″

So I totally agree on deleting the received mail. But be prepared for some more unpleasant surprises like that.

Nathalie Says:

same for me, received today in France !

captain sparkle Says:

received identical email this morning, through my website address, not my personal email address!

Paul Says:

Received this about an hour ago and although it “seemed” legit I preferred to have it check by our IT crew.

They confirmed it was not only spam but the bad kind too.

Nick Says:

Got the same message. It seemed strange that MS would even care about my 2000 Outlook. Thanks for the heads-up.

Peter Yurgel Says:

I just got one too. IT confirmed it to be dangerous.

Jenna Says:

My Sales Manager received this today in Ohio. He called me over to his desk to ask me what it was. The from line said “Support” - but when you look closer, it was actually using his e-mail address in the from field.

I knew right away something was not right when I noticed the “install.zip” attachment and the fact that it says
“Outlook Microsoft” instead of just Outlook or Microsoft Outlook.

We deleted it immediately but I encourage others to keep an eye out.

Glen in DC Says:

Thanks for this info.

Justin Says:

I work in IT support, we’ve had two customers in the UK hit by this today so far.

Subject: Microsoft Outlook Notification for the @

Body text:
You have (6) New Message from Outlook Microsoft

- Please re-configure your Microsoft Outlook Again.
- Download attached setup file and install.

Attached file: install.zip (21Kb)

Note the file size on the attached file. I think this is going to ‘do the rounds’ over the next week or so, please make sure everyone follows the excellent advice above and uses + on this message as soon as they receive it.

Jeff Salmeto Says:

Recieved the same email today to our ecommerce site. Checked into it and was informed that the only email that Microsoft Outlook will send is the test email when you setup the account. They will not send a zip file. Also, the email address that the message was sent to is not even an address setup with our Outlook client. It has an auto forward in our website control panel which sends messages from that account to the correct email accounts. These people are getting pretty slick!

EC Web Says:

my client had the same email this morning.
He fell straight for it and tried his best to open the ‘install.zip’ - thank God he was unable to open it and asked for my help!

Willem Says:

Also in the Netherlands
Have been receiving this mail on several accounts within our domain for the last 2 weeks!
Beware!!

Marilyn Says:

Received this via our company’s website. It was forwarded via to our customer service contact address.

Rich Says:

Have received a fair splattering of these over the past week or so - there are 5 in my inbox at this very moment(Midlands, UK, by the way). I delete them as a matter of course, but they’re pretty convincing. I’ve also now added the sender to my Blocked Senders List. Won’t stop them, but at least it makes me feel that - however delusional - I’m doing something to make life that little bit more awkward for these anti-social pests.

Dean Says:

I have been getting these for a few days now. I “saved as” and did a scan, it’s a trojan alright:

Documents\install.zip/install.exe detected: Trojan-Downloader.Win32.FakeRean!IK

Chris Says:

Got that on 16th Oct in South Africa too…….

Kujoy Says:

Started getting this one after a Nigerian Scammer tried to rip me off on eBay. Was surprised to see it got through the mail servers anti virus protection plus ESET smart security 4 didnt pick it up either both of which have never let me down before.

Mr Video Says:

Yep, I knew this was a tojan spam as soon as I saw it. Why? 1) I don’t use Outlook at home (forced to use it as work), I use mutt and 2) I’m on a Solaris 10 server. I won’t exactly be running any of the Microcrap stuff on my Solaris x86 server. :-)

The following DLLs are referenced in the exe file:

KERNEL32.DLL
MSVCRT.DLL
USER32.DLL
ADVAPI32.DLL
RPCRT4.DLL
GDI32.DLL

There are bunch of functions that are called as well. But I won’t put that long list here.

Buyer beware!

Whilst I appreciate your helpful comment - Microcrap? - that offends the hundreds and thousands of people that use Microsoft products to run their machines. What’s so special about Solaris? Did you build your 1990’s amateur website on the solaris? Looks like it. Offended? Not nice is it? BM

TallyMatt Says:

Rec’d it @ 5:35am on 10/18/2009. Deleted it. Thanks to this blog, I’ve gotten everyone in my organization up to speed.

Audrey Jones Says:

New Microsoft scam mail:

Update for Microsoft Outlook / Outlook Express (KB910721)
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest level of security and stability.
Instructions
To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:

This is then followed by a link which obviously should not be followed….. hope this is helpful to others

Audrey

appointment scheduling software Says:

I’ve operated my computer business from a paper appointment pad, then tried the ms outlook program but wow, bill gates has never run a small business, i couldn’t use it on a network . then i tried ms excel since the cells were like a calendar, but that was a farce since i couldn’t keep track of any customer info… when is microsoft gonna get it right? Perhaps it’s more a case of when are you going to learn to use it properly, but then again you don’t have to, as you have your own scheduling software that you are promoting? BM

Leave a Reply





SEO Blog

SEO Blog

The Big Man's SEO blog is primarily aimed at website owners looking for ethical SEO tips, optimisation advice and who are interested in reading articles and opinions related to search engines, the internet, technology and software.