so if you get an official looking email from microsoft telling you to run the attached file, it’s not from microsoft. it’s a virus writer social engineering you into installing a worm/virus on your computer. it’s the easiest way, you know, get people to do it to themselves, that way it cuts down on the code you have to write. more information here
beware social engineering.