A new malware attack is taking advantage of Microsoft's upcoming monthly security update by tempting users to download bogus patches.

The spam messages purport to come from Microsoft security assurance director Steve Lipner, and warn of a recently-released patch for several versions of Windows.

The email claims that the patch is being distributed as "an experimental private version of an update for all Microsoft Windows OS users".

"Please notice, that present update applies to high-priority updates category," reads the message. "In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update."

Attached to the message is an executable file which harbours a Trojan application that infects the user's system with malware.

In addition to its shoddy English, the bogus email lists several versions of Windows which are no longer supported, and for which patches would not be released, including Windows 98 and Windows Millennium Edition.

David Marcus, security research and communications director at McAfee, told vnunet.com that the attacks are nothing new.

"Is it a brand new vector? No. But you have to give them kudos for their timing," he said. "The chance that it is going to be effective is certainly a lot higher."

Microsoft has yet to release the monthly update, and the company never sends out security updates as email attachments.

Users will be able to receive the update on Tuesday through the Microsoft Update and Windows Software Update Services components.

Network administrators can also protect against the attack by setting email servers to filter out .exe attachments.