Users are being warned to watch out for a fake Microsoft security update.
Circulating as an e-mail the fake message points people at a bogus website that claims to host critical security updates.
But anyone downloading from the site will get a virus installed that opens a backdoor into their computer the program's creators can exploit.
Security firms and Microsoft urged users to ensure they visit legitimate sites when downloading updates.
Fake sites
Anti-virus firm Sophos spotted the e-mail which uses subject lines saying "Urgent Windows Update" and "Important Windows Update"
In the body of the message is a web link that looks like it should link to the Windows Update website but in fact links to a site controlled by the malicious hackers.
STAYING SAFE ONLINE
This opens a backdoor into the PC that could be exploited by the creators of the malicious program.
Anyone falling victim to this could leave computer owners vulnerable to identity theft or having their computer used to send spam, attack other sites or host dubious material.
Microsoft said it only sent e-mails about security updates and incidents to those that have explicitly asked to be sent them.
Also it said it never sends out information about security problems before its website has been updated with information about problems.
This means that if users cannot find information about security problems mentioned in an e-mail on the Microsoft site, they should be suspicious of the message.
Microsoft also urged users to type in the name of the website they are trying to reach rather than use a hyperlink as these can hide spoof websites.
"Users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers," said Graham Cluley, senior technology consultant at Sophos.
^ Back to top | BBC Sport Home | BBC Homepage | Contact us | Help | ©