Security vendor Sophos has warned of the presence of spoofed Microsoft security bulletins.
Emails with the subject line "Microsoft Security Bulletin MS07-0065" were sent by spammers on Wednesday morning to thousands of companies in the US and the UK.
Once users click on a link they are taken to one of many websites hosting a malicious piece of code Sophos is calling "Mal/Behav-112".
The security company said that, although antivirus products will now have been updated, users' machines could still become compromised if the compromised websites are made to point to a zero-day exploit.
"This is clever social engineering," said Sophos' senior technology consultant Graham Cluley. "The emails are addressed to the person by name, and a spurious licence key is given to make the emails seem more trustworthy."
The latest real Microsoft security advisory is MS07-0035.