The malware arrives via email bearing “Security Update for OS Microsoft Windows” as a subject line. The spam emails claim to have been sent by one Steve Lipnser, Director of Security Assurance at Microsoft. The email reads as follows:

“Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.”

As expected, the patch is in fact genuine 100% malware, detected by Sophos as the Mal/EncPk-CZ Trojan horse. Successful installment would grant hackers control over your PC.

So just be patient until the monthly wave of Microsoft patches hits the shores of your machine the regular way.