Erik van Straten reported receiving a spoofed email that led to a spoofed Microsoft site that downloaded a trojan with instructions to run it to patch your system. The site name is www.microsoft-security-updates.com is NOT a Microsoft site. This gets redirected to h**p://d558597.u25.surftown.com/mstasks.exe mstasks.exe is identified by Symantec/Norton AntiVirus beta definitions as "Trojan.Etsur".
Repeat after me: Unless you subscribe to their email security notification service, Microsoft's policy is not to send notification of vulnerabilities. They never send patches in email to users.
http://isc.sans.org/diary.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic