Spotted in the Wild: Rogue Microsoft Update Site - F-Secure Weblog : News from the Lab

Reportedly, a fake Microsoft Update site is serving WindowsUpdateAgent30-x86-x64.exe as an "Urgent Install".

This one would fool people!

Note the real URL (cfm48.com) and the spelling errors ("Please intall").
If you click the Urgent Install button, you'll get a file called WindowsUpdateAgent30-x86-x64.exe, which is not signed by Microsoft. (i.e., click the button, download a Trojan-Dropper.)

The dropper is now detected as Trojan-Dropper:W32/Agent.DYD, and the dropped malware was already detected as Backdoor:W32/Agent.CVU; this is functionally the same as the earlier Backdoor:W32/Agent.CTH.

Screenshot: http://www.f-secure.com/weblog/archives/cfm48.gif
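The "not signed by Microsoft" check mentioned above can be done before running any downloaded updater. The following is an added example, not part of the F-Secure post: the function name `Test-MicrosoftSigned` is hypothetical and the download path is an assumed location.

```powershell
# Added example. Test-MicrosoftSigned is a hypothetical helper name.
function Test-MicrosoftSigned {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Validates the embedded Authenticode signature and its certificate chain.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Unsigned files have no signer certificate at all.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Require both: the chain validates AND the signer organization is Microsoft.
    # A file that is validly signed by some other publisher still fails this check.
    $isMicrosoft = ($sig.Status -eq 'Valid') -and
                   ($subject -match '(^|,\s*)O=Microsoft Corporation(,|$)')

    [pscustomobject]@{
        File              = (Split-Path -Leaf $Path)
        SHA256            = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Status            = $sig.Status
        Signer            = $subject
        IsMicrosoftSigned = $isMicrosoft
    }
}

# Assumed location of the downloaded file; adjust to where it was saved.
$file = Join-Path $env:USERPROFILE 'Downloads\WindowsUpdateAgent30-x86-x64.exe'
$result = Test-MicrosoftSigned -Path $file
$result | Format-List

if (-not $result.IsMicrosoftSigned) {
    Write-Warning "No valid Microsoft signature on $($result.File); do not run it."
}
```

A `Status` of `NotSigned`, or a `Valid` status with a non-Microsoft signer, both mean the file did not come from Microsoft regardless of its name.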