Full article here
There seems to be a new phishing technique that requires nothing more of a user than opening an e-mail.
Exploiting Windows Scripting Host and/or ActiveX, the e-mail executes a script that alters the contents of the Windows hosts file. Effectively, it assigns different IP addresses to domain names and points users who visit those domain names to a forged website.
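
A defender can check for this kind of tampering by auditing the hosts file for entries that map a name to anything other than a loopback or sinkhole address. The following is an added example, not code from the article; the sample file, the domain names, the addresses (documentation ranges) and the watchlist are constructed for illustration.

```python
import ipaddress

# Constructed sample: a stock-looking hosts file with suspicious lines added.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist entry
203.0.113.45    www.bank.example bank.example
198.51.100.7    login.mail.example   # injected
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address_string, [hostnames]) for each mapping line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:                  # one address, one or more names
            yield n, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def suspicious_entries(text, watchlist=()):
    """Return (line_no, address, names, reason) for entries worth reviewing."""
    findings = []
    for n, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((n, addr, names, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 sinkhole entries do not redirect
        watched = [h for h in names
                   if any(h == w or h.endswith("." + w) for w in watchlist)]
        reason = "watched domain redirected" if watched else "non-local mapping"
        findings.append((n, addr, names, reason))
    return findings

if __name__ == "__main__":
    # On a real host, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for finding in suspicious_entries(SAMPLE_HOSTS, watchlist=("bank.example",)):
        print(finding)
```

Entries reported as "non-local mapping" may be legitimate intranet overrides, so they need review against a known-good baseline rather than automatic removal.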