A new malware attack is taking advantage of Microsoft's upcoming monthly security update by tempting users to download bogus patches.
The spam messages purport to come from Microsoft security assurance director Steve Lipner, and warn of a recently-released patch for several versions of Windows.
The email claims that the patch is being distributed as "an experimental private version of an update for all Microsoft Windows OS users".
"Please notice, that present update applies to high-priority updates category," reads the message. "In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update."
Attached to the message is an executable file which harbours a Trojan application that infects the user's system with malware.
In addition to its shoddy English, the bogus email lists several versions of Windows which are no longer supported, and for which patches would not be released, including Windows 98 and Windows Millennium Edition.
David Marcus, security research and communications director at McAfee, told vnunet.com that the attacks are nothing new.
"Is it a brand new vector? No. But you have to give them kudos for their timing," he said. "The chance that it is going to be effective is certainly a lot higher."
Microsoft has yet to release the monthly update, and the company never sends out security updates as email attachments.
Users will be able to receive the update on Tuesday through the Microsoft Update and Windows Software Update Services components.
Network administrators can also protect against the attack by setting email servers to filter out .exe attachments.
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France
Loon's balloons will bring the internet to remote areas of the country