The message claims to be a removal tool.
"The spammed email contains the trojan as MS05-039.exe attachment and the email subject is 'What You Need to Know About the Zotob.A Worm'," said Katrin Tocheva, antivirus researcher at F-Secure on the company's weblog.
The technique of manipulating Microsoft updates has been used before. In June SC reported the mass spamming of emails that sent users to a spoofed Microsoft site via a link. Visitors to the site received a trojan payload on their systems. F-Secure reported seeing a similar scam in June too.
The Zotob worm made headlines across the globe when it infected a number of high profile news sources. Yesterday, SC reported Zotob variants could affect Windows XP as well as 2000.
