OFSO
IMHO these possibilities exist:
1. these attackers are exploiting an undisclosed zero-day vector, which is unlikely unless you are either a good target e.g. hold a security clearance, or you are well-known and vulnerable to blackmail.
2. you are running some insecure software, e.g. XP, Outlook Express, etc., or supported software that is unpatched.
3. you acknowledged a UAC prompt when you shouldn't have.
Notwithstanding the above, your "dedicated server with filters turned on" is not doing a very good job. Furthermore, how will this system you are setting up be able to identify a file as "genuine"? Checking for a valid image file extension may not be enough.
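
The point about file extensions, as an added example that is not part of the original post: a filter that compares the claimed extension with the file's leading signature bytes catches content that is merely named like an image. The function names and sample files are constructed for illustration.

```python
import os

# Leading-byte signatures for a few common image formats (well-known values).
SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}
EXT_TO_FORMAT = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}


def sniff_format(data: bytes):
    """Return the image format whose signature starts the data, or None."""
    for fmt, sigs in SIGNATURES.items():
        if any(data.startswith(sig) for sig in sigs):
            return fmt
    return None


def check_attachment(filename: str, data: bytes) -> str:
    """Classify a file as 'ok', 'mismatch' or 'not-image'.

    A signature match is necessary, not sufficient: a file can begin with a
    valid image header and still carry other content after it.
    """
    # Only the final extension counts, so "photo.jpg.exe" is judged as .exe.
    ext = os.path.splitext(filename.lower())[1]
    claimed = EXT_TO_FORMAT.get(ext)
    if claimed is None:
        return "not-image"
    return "ok" if sniff_format(data) == claimed else "mismatch"


# Constructed samples: (filename, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),  # real JPEG header
    ("invoice.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),        # PE header, image name
    ("logo.png", b"GIF89a\x01\x00\x01\x00"),               # GIF named .png
    ("photo.jpg.exe", b"\xff\xd8\xff\xe0"),                # double extension
]


def run_samples():
    """Return (filename, verdict) for each constructed sample."""
    return [(name, check_attachment(name, data)) for name, data in SAMPLES]


if __name__ == "__main__":
    for name, verdict in run_samples():
        print(f"{name}: {verdict}")
```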