One of my users got a weird email today.

PHP Code:
-----Original Message-----
From: 001850@smtp.hispeed.ch [mailto:001850@smtp.hispeed.ch]
Sent: March 29, 2004 9:18 AM
To: SDK@Antionline.com
Subject: Mail Delivery (failure SDK@Antionline.com)

If the message will not displayed automatically,
follow the link to read the delivered message.

Received message is available at:
www.antionline.com/inbox/SDK/read.php?sessionid-26405
When I look at the HTML code, I see stuff that is very scary. First, the email is opening an iframe like this one.
PHP Code:
<iframe src="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" width=0 height=0></iframe>
And then, the specific text http://www.antionline.com/inbox/cris...essionid-26405 is a hyperlink to cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re

After reading what CID was (see here for that info - M$ Knowledge Base 270922), I opened the link, and the attachments in the email OPEN without prompting me whether I want to open the attachment or not. It just. (Lucky for me, it was only a txt warning from my mailserver). The link was created as http://www.%DomaineName%/inbox/%User...essionid-26405

Basically, this virus was using an iframe to open itself automatically, and if this failed, you still have the hyperlink to fool the user into opening the attachment without warning.

Is this considered a security flaw? (The fact that I don't get a prompt asking if I want to open the program)
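
A mail-gateway style check for the two lures described in this post (a zero-size iframe with a cid: source, and a link whose visible text is a URL but whose target is cid:), added here as an illustration and not part of the original post. The sample message, its Content-ID, and the names CidLureParser and scan_message are constructed for the example.

```python
from email import message_from_string
from html.parser import HTMLParser
# Constructed sample (not the message from the post): hidden cid: iframe plus URL-looking link.
SAMPLE = """\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<iframe src="cid:part1@example.invalid" width=0 height=0></iframe>
<a href="cid:part1@example.invalid">www.example.invalid/inbox/user/read.php</a>
--b1
Content-ID: <part1@example.invalid>
Content-Disposition: attachment; filename="warning.txt"

constructed attachment body
--b1--
"""

class CidLureParser(HTMLParser):
    """Flags cid: iframes and links whose visible text looks like a URL but point at cid:."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe" and a.get("src", "").lower().startswith("cid:"):
            hidden = a.get("width") == "0" or a.get("height") == "0"
            self.findings.append(("hidden-cid-iframe" if hidden else "cid-iframe", a["src"][4:]))
        elif tag == "a" and a.get("href", "").lower().startswith("cid:"):
            self._href, self._text = a["href"][4:], []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            if "".join(self._text).strip().lower().startswith(("http://", "https://", "www.")):
                self.findings.append(("url-text-cid-link", self._href))
            self._href = None

def scan_message(raw):
    """Return (finding, content-id, attached part it resolves to or None) for each hit."""
    parser, parts = CidLureParser(), {}
    for part in message_from_string(raw).walk():
        if part.get("Content-ID"):
            parts[part["Content-ID"].strip().strip("<>")] = part.get_filename() or part.get_content_type()
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("latin-1"))
    return [(kind, cid, parts.get(cid)) for kind, cid in parser.findings]
```

A cid: reference in an `<img>` tag is ordinary inline-image use and is not flagged; only iframes and URL-looking anchors are.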