Users are being warned to watch out for a fake Microsoft security update.
Microsoft has advice about how to spot fake updates
Circulating as an e-mail the fake message points people at a bogus website that claims to host critical security updates.
But anyone downloading from the site will get a virus installed that opens a backdoor into their computer the program's creators can exploit.
Security firms and Microsoft urged users to ensure they visit legitimate sites when downloading updates.
Anti-virus firm Sophos spotted the e-mail which uses subject lines saying "Urgent Windows Update" and "Important Windows Update"
In the body of the message is a web link that looks like it should link to the Windows Update website but in fact links to a site controlled by the malicious hackers.
Anyone downloading the fake update on the bogus webpage will have their computer infected with the DSNX-05 trojan.
STAYING SAFE ONLINE
Install anti-virus software
Keep your anti-virus software up to date
Install a personal firewall
Use Windows updates to patch security holes
Do not open e-mail messages that look suspicious
Do not click on e-mail attachments you were not expecting
This opens a backdoor into the PC that could be exploited by the creators of the malicious program.
Anyone falling victim to this could leave computer owners vulnerable to identity theft or having their computer used to send spam, attack other sites or host dubious material.
Microsoft said it only sent e-mails about security updates and incidents to those that have explicitly asked to be sent them.
Also it said it never sends out information about security problems before its website has been updated with information about problems.
This means that if users cannot find information about security problems mentioned in an e-mail on the Microsoft site, they should be suspicious of the message.
Microsoft also urged users to type in the name of the website they are trying to reach rather than use a hyperlink as these can hide spoof websites.
"Users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers," said Graham Cluley, senior technology consultant at Sophos.