Hackers are using e-mails containing fake security bulletins from Microsoft, purporting to include patches for...
the Windows operating system, to spread malware.
However, although the patches were either linked from or attached to the e-mail, the files also included a Trojan file that downloaded automatically.
Symantec's security response blog outlined the new social-engineering technique. The post, available here, notes that Symantec has recently monitored the virus.
Symantec urges users to download patches from the original software supplier sites by visiting the sites themselves rather than following links in e-mails or other third-party web pages.