Security experts have detected a new phishing campaign that uses fake Microsoft Outlook notifications to spread malware. Over a million of the spam messages have been intercepted by spam and phishing filters since Thursday.
The messages look like an alert from the recipient’s IT department notifying them that a security upgrade is available and asking them to log into their accounts to retrieve the new settings. The link in the messages leads to a fake Outlook Web Access page which asks them to download a file containing the new security settings. The file is actually an .exe containing the Zbot banking Trojan.
What sets this spear phishing attack apart from past ones is the sheer volume of messages being sent out and the fact that the messages are highly personalized to each domain they are sent to.
In a related attack, search engine results for “office.microsoft.com” have been poisoned with pages leading to fake anti-virus software sites. 2010 has kicked off with a bang for malware distributors, hackers, and spammers. They are growing more and more sophisticated every day, meaning 2010 could be a record year for attacks.


