Like day follows night, a bogus "cumulative update" with a malicious attachment has followed Microsoft's patch day.
In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment.
The latest social engineering trick arrives via e-mail with an attachment that purports to be a "cumulative patch" for May 2005.
The claim is that the executable file contains patches for vulnerabilities in Internet Explorer, Microsoft Outlook and Outlook Express, three widely used products with a history of serious security bugs.
The file is actually an executable for a variant of W32.Pinfi, a memory-resident polymorphic virus capable of replicated via mapped drives and network shares.
News source: eWeek