Outlook Express Help Desk


Viruses Commonly Contained in Messages That Are "Purportedly" From Microsoft


This cannot be repeated often enough. Microsoft *WILL NOT* send attachments to you except by prior arrangement.
Any e-mail arriving from an address like 'anything@microsoft.com' that contains an attachment should look like a huge billboard reading
'I am a virus'
to every computer user.

See the following page for more information.
Microsoft's policy regarding software distribution.


Bugbear.B

Also Known As:
Win32.Bugbear.B [CA], W32/Bugbear.b@MM [McAfee], PE_BUGBEAR.B [Trend], W32/Bugbear-B [Sophos], I-Worm.Tanatos.b [KAV], W32/Bugbear.B [Panda], Win32/Bugbear.B@mm [RAV]


The W32.Bugbear.B@mm worm is:

  • A mass-mailing worm that also spreads through network shares.

  • Polymorphic; it also infects a select list of executable files.

  • Equipped with keystroke-logging and backdoor capabilities.

  • Designed to terminate the processes of various antivirus and firewall programs.


The worm exploits a vulnerability on unpatched systems so that it runs automatically when the infected message is read or previewed, without the attachment being opened.
Read:
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment [MS01-020]
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
In addition, the worm contains routines that specifically target financial institutions. This functionality causes the worm to send sensitive data to one of 10 hard-coded, public Internet e-mail addresses. The sent information includes cached passwords and keystroke-logging data.
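The two warning signs above (an attachment arriving from a microsoft.com address, and the MS01-020 trick of labelling an executable attachment with a media Content-Type so the mail client runs it on preview) can be checked mechanically at the mail gateway. The following Python script is an added example, not part of this page or of any vendor's product; the sample messages in it are constructed to mirror the fake "patch" mails described on this page, and the extension list and the MIME-mismatch rule are my own heuristics.

```python
import email
import os
from email import policy

# Constructed sample: shaped like the fake Dumaru/Gibe "patch" mail described on this page.
# The attachment body is a placeholder, not a real executable.
FAKE_PATCH_MAIL = """\
From: "Microsoft" <security@microsoft.com>
To: user@example.com
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Dear friend , use this Internet Explorer patch now!
--XYZ
Content-Type: audio/x-wav; name="patch.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="patch.exe"

AAAA
--XYZ--
"""

# Constructed sample of a legitimate bulletin notice: text only, a link, no attachment.
PLAIN_MAIL = """\
From: Microsoft Security Notification <secnotif@microsoft.com>
To: user@example.com
Subject: Microsoft Security Bulletin MS01-020
Content-Type: text/plain

Patches are available from the Microsoft download site; see
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
"""

# Assumed list of attachment extensions that can execute when opened (heuristic, not exhaustive).
EXEC_EXTENSIONS = {".exe", ".pif", ".scr", ".bat", ".com", ".vbs", ".zip"}


def classify_message(raw):
    """Return a list of reasons this message looks like a fake Microsoft 'patch' mail (empty if clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    claims_microsoft = "microsoft.com" in str(msg.get("From", "")).lower()
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue
        ext = os.path.splitext(filename)[1].lower()
        ctype = part.get_content_type()
        if ext in EXEC_EXTENSIONS:
            reasons.append("executable attachment %s" % filename)
        # MS01-020 pattern: a media Content-Type (audio/x-wav was the classic one) on an executable
        # filename, which unpatched IE/Outlook Express would run when the message was previewed.
        if ctype.startswith(("audio/", "video/", "image/")) and ext in EXEC_EXTENSIONS:
            reasons.append("MIME type %s disagrees with %s (MS01-020 pattern)" % (ctype, filename))
    if claims_microsoft and reasons:
        reasons.insert(0, "claims to be from Microsoft but carries an attachment")
    return reasons
```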

Also see:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BUGBEAR.B


Gibe.B

Also Known As:
WORM_GIBE.B [Trend], W32/Gibe.b@mm [McAfee], W32/Gibe-D [Sophos], I-Worm.Gibe.b [KAV], Win32.Gibe.B [CA]

W32.Gibe.B is a variant of W32.Gibe. This mass-mailing worm uses Microsoft Outlook and its own SMTP engine to send itself to all the contacts in the Microsoft Outlook Address Book and the Windows Address Book. The email is disguised as a Microsoft Security Update and it arrives with an attachment that has a .exe or .zip file extension.

W32.Gibe.B@mm copies itself as WebLoader.exe to the startup folder of all the mapped remote drives. This worm also attempts to spread through the KaZaA file-sharing network and Internet Relay Chat (IRC). W32.Gibe.B@mm may send itself to some news groups whose URLs are carried by the worm.

The fake message, which is not from Microsoft, has the following characteristics:

From: Microsoft Corporation Security Center
Subject: Internet Security Update
Message:
Microsoft Customer,
this is the latest version of security update, the update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities



How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item.

Also see:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;319652

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/gibe.asp

And from Symantec.
http://www.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html


Sobig.B

Also Known As:
W32.HLLW.Mankx@mm, W32/Palyh@MM [McAfee], W32/Palyh-A [Sophos], I-Worm.Palyh [KAV], WORM_PALYH.A [Trend], Win32.Palyh.A [CA]

Sobig.B does very little that hasn't been done by dozens of other Windows mass-mailer worms (it also spreads to network shares, if available). The Palyh worm is designed to look like a patch from Microsoft, a cool screensaver, an approval, or a bunch of other random messages. But when you click on the attached file, watch out! It e-mails itself, looks for open shared volumes and does other nasty things.

Also see:
Manual Removal instructions can be found here.
http://www.sarc.com/avcenter/venc/data/w32.sobig.b@mm.html

Also see this page for more details.
http://www.eweek.com/article2/0,3959,1094210,00.asp


Dumaru

Also Known As:
PE_DUMARU.A [Trend], Win32.Dumaru [CA], W32/Dumaru@MM [McAfee], W32/Dumaru-A [Sophos], I-Worm.Dumaru [KAV]

W32.Dumaru@mm is a mass-mailing worm that drops an IRC Trojan onto the infected machine. The worm gathers e-mail addresses from certain file types and uses its own SMTP engine to e-mail itself.

The email has the following characteristics:

From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe


The worm also infects .exe files on NTFS partitions.

This threat is written in the Microsoft Visual C++ programming language and is compressed with UPX.

Also see:
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html

Use the removal tool available from:
http://www.symantec.com/avcenter/venc/data/w32.dumaru@mm.removal.tool.html


Swen.A

Also Known As:
Swen [F-Secure], W32/Swen@mm [McAfee], W32/Gibe-F [Sophos], Worm Swen.A

W32.Swen.A@mm is a mass-mailing worm that also attempts to spread through file-sharing networks, such as KaZaA, and IRC, and attempts to kill antivirus and personal firewall programs running on the computer. The worm arrives as an e-mail attachment. The e-mail subject, body, and From: address can vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.
W32.Swen.A@mm is similar to W32.Gibe.B@mm in function, and is written in C++.

Also see:
http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.html