PPRuNe Forums - View Single Post - amazon auto-email Virus.
4th May 2012, 21:22
Milo Minderbinder
Phishing mail, and an old type (though maybe a new infection).
Download and open the attached document (usually a zip file to reduce the chances of being scanned) and you're compromised.
Usually a rootkit with worm, keylogger and other unredacted fun.

Many AV programs don't scan compressed files by default, so zips often get past the firewall and the initial e-mail scan. If the AV software is out of date, or has poor or non-existent heuristics scanning ability, then the machine is hacked.
A few years ago I had to untangle a machine which had been compromised like this. The customer could even remember the arrival of the mail and I was able to ID it. Quite serious results: the customer had received into his bank on a Friday around £55.000 from a matured life insurance policy. He checked online to make sure it had arrived. It had. By the Saturday morning it was gone, pilfered electronically along with £17,000 from another bank account.
The machine was rootkitted, keylogged and trojaned, and from the date stamps on the files I was able to ID the phishing scam mail as the source of the compromise.
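A mail-gateway check for the gap the post describes (zip attachments that are never opened by the scanner), as an added example that is not part of the original post. The function names, the extension list and the size and depth limits are assumptions chosen for illustration, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list of extensions that should not arrive by mail inside an archive.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk")
MAX_NESTED = 10 * 1024 * 1024  # refuse to unpack nested archives larger than this

def zip_findings(data, depth=0):
    """List suspicious members of one in-memory zip, following nested zips two levels."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["archive is unreadable"]
    found = []
    for info in archive.infolist():
        name = info.filename.lower()
        if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
            found.append(f"{info.filename}: encrypted, cannot be inspected")
        elif name.endswith(RISKY_EXT):
            found.append(f"{info.filename}: executable type")
        elif name.endswith(".zip") and depth < 2 and info.file_size <= MAX_NESTED:
            inner = zip_findings(archive.read(info), depth + 1)
            found += [f"{info.filename} -> {f}" for f in inner]
    return found

def scan_message(raw):
    """Map each zip attachment's file name to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"PK"):  # check content, not the claimed file name
            hits = zip_findings(payload)
            if hits:
                report[part.get_filename() or "(unnamed)"] = hits
    return report

def build_sample():
    """Constructed test message: a zip holding a harmless file with a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Order_Details.pdf.exe", b"constructed placeholder bytes")
        z.writestr("readme.txt", b"constructed text")
    msg = EmailMessage()
    msg["Subject"] = "Your order (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Order.zip")
    return msg.as_bytes()
```

Encrypted members are reported rather than skipped, since a password-protected archive is one the scanner cannot open at all.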