The message claims to be a removal tool.
"The spammed email contains the trojan as MS05-039.exe attachment and the email subject is 'What You Need to Know About the Zotob.A Worm'," said Katrin Tocheva, antivirus researcher at F-Secure on the company's weblog.
The technique of manipulating Microsoft updates has been used before. In June SC reported the mass spamming of emails that sent users to a spoofed Microsoft site via a link. Visitors to the site received a trojan payload on their systems. F-Secure reported seeing a similar scam in June too.
The Zotob worm made headlines across the globe when it infected a number of high profile news sources. Yesterday, SC reported Zotob variants could affect Windows XP as well as 2000.
.png&h=140&w=231&c=1&s=0){kind=logo}
_(22).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
