Blackhole that appeared online last Monday. The links in the rogue Microsoft Services Agreement notifications point to Blackhole-infected websites make use of the new Java exploit to install a variant of the Zeus financial malware, McRee said.

Oracle on Thursday to address the vulnerabilities targeted by this exploit.

The malicious Java applet used in this attack is detected by only eight of the 42 anitivirus engines available on the VirusTotal file scanning service. The Zeus variant has a similarly low detection rate.

The technique of creating malicious versions of legitimate email messages sent by trusted companies is very old. However, its continued use by cybercriminals suggests that it is still efficient.

"This email is a legitimate announcement regarding updates to the Microsoft Services Agreement and Communication Preferences," a Microsoft program manager for supporting mail technologies who identifies herself as Karla L, in response to a user inquiring about the authenticity of the email message.