Windows users familiar with Microsoft's modus operandi will sniff out this scam immediately, though, and not only because of the cracked English in the message. The missive contains the security update in an attachment. Microsoft never sends security updates in attachments.

"Please notice that Microsoft company [sic] has recently issued a Security Update for OS Microsoft Windows," the fake notice reads in typical fractured prose.

It then goes on to give instructions for installing the fake security file, KB453396-ENU.exe. "If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine," it explained

In the signature block of the message is the name of Microsoft Director of Security Assurance Steve Lipner. Lipner's name has been used on bogus security updates before, including attacks in and .

Graham Cluley, who for Sophos's Naked Security blog, noticed another bonehead error in the message. "With so much effort being taken by the cybercriminals to hoodwink unsuspecting computer users, though, you would have thought they would have not made an elementary mistake in their forged email header," he penned. "The messages we've seen claim to come from ."