The user usually gets an email with a short message going like this:

“There are the keys to recover your personal account. In order to use them later, please, preserve them in a sure place.”

The text may vary from time to time, but the idea is always the same: to get the user confused. What account? Did I register an account. Let me see, maybe that zip file will clear things up. And the user opens up the archive so he would see the so-called activation keys.

Unfortunately for the naïve and curious user, the archive in question (usually dubbed active_key.zip or the_Keys.zip) is actually a copy of the Troj/Invo-Zip Trojan horse. It doesn’t activate an account (there is no account!), but the malware will successfully infect your machine and make compromise your data.

As always, the golden rule applies: you don’t know the sender and you’re not 100% sure about what’s in that archive? Then the Delete button is your best friend!