Since yesterday, our lab has detected a flood of email messages that seem to contain a Microsoft Update, but it’s actually malware. We’ve seen around 3,000 in a few hours.

The message is like the following:

This email, which seems to have been sent by the Microsoft Support team, informs you that a new security update for Outlook/Outlook Express has been released. It’s a critical update, so it’s better to install it as soon as possible.

It also gives some details about the update and instructions on how to install it.

The security patch is attached to the email in a zip file, but if you run it, the Trojan detected as Bredolab.Y will be installed in your computer. At the same time, this will download the rogue antivirus known as SecurityTool.

Just several days ago we informed you about another Bredolab circulating disguised as an ecard. So, be careful with the emails you receive in your inbox as they can contain malware.