Organisations are being warned to be on the lookout for fake Microsoft security bulletins which spammers sent out yesterday to thousands of companies in the US and the UK.
Security vendor Sophos said the bogus bulletins were sent via e-mails with the subject line "Microsoft Security Bulletin MS07-0065".
Once users click on a link in the e-mail, they are taken to one of many Web sites hosting a malicious piece of code that Sophos is calling "Mal/Behav-112".
The security company said that, although antivirus products will now have been updated, users' machines could still become compromised if the compromised Web sites are made to point to a zero-day exploit.
"This is clever social engineering," said Sophos' senior technology consultant Graham Cluley. "The e-mails are addressed to the person by name, and a spurious licence key is given to make the e-mails seem more trustworthy."
The latest real Microsoft security advisory is MS07-0035.
Tom Espiner reported for ZDNet UK from London.