FYI...

- http://www.f-secure.com/weblog/archives/00001308.html
November 1, 2007 - "Some malware authors are still fond of using the good old techniques to spread their wares. One of these techniques is to send e-mail messages with "Security Updates", released by a well-known software vendor.
Today we received multiple reports about a message claiming to be a "Critical Security Update" from Microsoft. The message had a ZIP archive with a trojan downloader inside. To become infected a user needs to extract the trojan's file and to run it..."

(Screenshot available at the URL above.)