The virus is being distributed in a hoax e-mail that advertises a patch for a series of vulnerabilities in Microsoft's Internet Explorer Web browser and Outlook software.
The authentic patch for those flaws was released in February. Microsoft said that it has not updated the patch and that the e-mail is fraudulent.
The e-mail uses a Microsoft address and has the subject line "Internet Security Update". It tells users to run an attached ".exe" file with the name q216309.exe, which a Microsoft spokeswoman confirmed was a virus.
A similar hoax e-mail was distributed in March carrying the [email protected] worm, which installed a backdoor Trojan if opened that allowed remote access to a user's computer.
Microsoft is urging users to not run the attachment and referred users to information on its Web site about other hoax e-mails, at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/hoaxes.asp.