Microsoft has released Advance Notification for June 2007.

As while, a trojan spam is masquerating as Microsoft Security Update now. The content of spams is about Security Update for Internet Explorer. Of course, it’s a trojan, Kaspersky detects it as Trojan-Downloader.Win32.Agent.avk.

The spams are as the following:

From: “MSIE Update” security14@microsoft.com
Subject: Microsoft Security Update
Body:

Microsoft Security Bulletin MS06-31

Cumulative Security Update for Internet Explorer (145677125)

Published: June 3, 2007

Version: 1.0

Summary

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Internet Explorer for Microsoft Windows XP Service Pack 2 – Download the update

Revisions:

V1.0 (June 3, 2007): Bulletin published

The malicious url:
http://amyberman.com/updatems06

The size of trojan is 8,704 bytes, packed with UPX 2.0, MD5 hash is 1884cae661e902d3414b12adf38e4e2b