I found this on a Security Forum that I subscribe to:
If It Sounds Too Good To Be True...
We received a report from a reader who found a little more than he bargained for when looking for a cheap used car. It appears that some rather unsavory characters are posting "deals" online that carry some surprises. When you go to look at photos of your "ride-to-be", the seller tells you "please check the pictures on the file. Are packed with WinZip SelfExtract , I don't have much space in this free host and I can put the on the server. After you download it, if you open the file will ask you where to unpack the files."
Uh... sure...
The executable packs a bit more than some candid photos of your dream car. It carries a version of the QHosts trojan which makes changes to your hosts file pointing domain names for various escrow services to a specific IP address. The seller then insists that to "safeguard" the transaction, an escrow service must be used. Care to guess the rest?
Moral of the story: If it seems too good to be true, it probably is.
Don't Let This Happen To You
Another reader pointed out a different scam. This time, the victim receives an email claiming that their credit card has been charged. The victim is given a link to view their "invoice." While none of this is new, the almost overwhelming barrage of exploit attempts at the other end of the "invoice" link was astounding. The victim's machine is hit with three different exploit attempts, targeting different vulnerabilities. It appears that some piece of dirt out there is an over-achiever.