An important key to safe computing is to never use software from unknown sources. As pointed out in a CERT advisory, malicious users often use "Trojan Horses" to deliver harmful software onto unwary users' computers. A Trojan Horse is a piece of software that appears to do something useful, but which actually performs hidden, usually damaging, action on the user's computer. For example, a malicious user might develop a game program that deliberately erases files on the user's computer while it runs, and distribute it via a web site.
Another Trojan Horse mechanism that is frequently used is to send malicious software to users via e-mail, claiming that it is a product upgrade from a software vendor. Recently, several people have done this, sending e-mails that contain software attachments to wide audiences on the Internet. The e-mails claim that the attachments are product upgrades from Microsoft or other software vendors, but in fact they are harmful software that may damage the user's software and files when they run the attachments.
If you receive an e-mail that claims to contain software from Microsoft, do not run the attachment. The safest course of action is to delete the mail altogether. If you would like to take additional action, report the e-mail to the sender's Internet Service Provider. Most ISPs provide an "abuse" userid for this purpose.