Have you, or any of your users, received an email announcement that looks like it’s from Microsoft, talking about an update to Microsoft Outlook or Outlook Express? The email itself looks remarkably legitimate, and it would be easy to take it at face value. But receiving an email from Microsoft about an update is in itself a red flag, because Microsoft doesn’t issue updates or security warnings in that manner. Bloggers and security experts have been quick to pick up on this one, and are educating the public about the warning.

When unsuspecting users click on the link, thinking they will get an update to Outlook, they are taken to a rogue Web site that sends a Trojan horse to their computer.

The tricky attackers may actually get some takers, not only because of the realistic-looking email, but also because the notice comes out at about the same time Microsoft really is getting ready to release its monthly security patch.

Like most such bogus emails, the link contained in the email appears to go to Microsoft.com, but looking at the actual HTML (pass your cursor over it and see) will show that it goes somewhere else entirely. If you fall victim, you’ll get a piece of malware that appears to be a variant of Zbot, a Trojan used often to steal login details and take control of computers.