The first threat is a basic Trojan which masquerades as a Microsoft security patch. Recipients are urged to visit a spoofed URL based in Canada which uses a very similar design to Microsoft's own Update Centre and downloads a file named 'plugandplayfix.exe'. The email, from a spoofed email address, arrives with the header 'Critical Update for Plug and Play devices MS05-4791k'.
The second threat is a worm that targets web servers running XML-RPC for PHP prior to version 1.1.1, a sizeable minority of currently deployed systems.
[vnunet.com...]