It's all in an attempt to get targets to open up the zip attachment by telling them it contains evidence of their spamming. Actually it's an .exe file that infects the machine but displays like a document, according to the Websense Labs .

MORE:

The attachment installs a downloader Trojan that copies itself to the system path so it executes when the system boots up. It connects to remote servers to download specific exploit files. The blog says the current attacks could contain other variants of the Trojan as attachments.

The new attack cropped up Monday in WebSense's ThreatSeeker network that gathers data about malicious email campaigns. The emails are dressed up to look like they come from real businesses that is upset because the recipient has been spamming them. "The emails even formally claims that legal action will be taken because of the spam you have sent," says the blog.

The blog includes an image containing the text of one such email: "Hello. Your email is sending spam messages! If you don't stop sending spam, we will be impelled to sue you! We've attached a scanned copy of the document assembled by our security service to this letter. Please carefully read through the document and stop sending spam messages. This is the final warning!