Phishing & Email Virus Scams: 2012 Update
Email-borne malware all but disappeared a few years ago, as email software became less tolerant of unsafe file attachment types (such as .EXE and .VBS) and closed security holes, and as ISPs introduced virus scanning on inbound email. But 2012 saw a resurgence of this attack vector, which usually encloses the malware in a .ZIP file and combines the attack with phishing-style social engineering, using convincing-looking copies of correspondence you may receive from real companies. Telstra, Vodafone and Qantas have been commonly used, and the emails tend to arrive in floods, sometimes with dozens arriving during the course of a day.
Furthermore, your local virus scanning, or that of your providers, may not flag the files as suspicious, because the files are altered very frequently. It can be many hours before anti-virus definition updates reach client systems.
So this can be a real threat to users, particularly as it is frequently impractical to block or delete all .ZIP attachments.
Some examples are: