Sophos noticed spam messages that tricks users to download a fake Symantec product. The spam is not just a basic text file but it looks like a Symantec site.
The blog entry at Sophos notes that the images in the spam are hosted at imageshack.us which is an image-hosting site. There is a link in the spam which looks like it points to a Symantec site but Sophos found out that it actually points to a rogue URL which is a compromised Czech site.
The file that the site wants the user to download is a Trojan, written in Delphi.