From Barracuda's announcement:
The virus, categorized by Barracuda Central as "Trojan.Backdoor.Haxdoor," is delivered as an attachment to an e-mail allegedly from the Microsoft Security Assurance team and utilizes several innovative social engineering techniques, such as using Microsoft KnowledgeBase naming conventions for the file attachment, as well as the inclusion of a PGP signature block at the bottom of the e-mail message. The e-mail informs the recipient that "Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista."
With Microsoft's various software updates having been in place for so long now, I can't imagine a large number of users would feel comfortable installing an "update" e-mailed to them. Perhaps the virus writers were attempting to piggyback on Microsoft's customary pre-Patch Tuesday announcement.
We see this type of backdoor-enabled malware surface all of the time -- so why doesn't Microsoft, a law enforcement agency, or even security vendors, set up a honeypot to try to nail the creators of these things when users bite the bait?