"For example, malicious code writers could name a 'virus.exe'
file as 'virus.txt.exe' or 'virus.jpg.exe', he said. Windows
Explorer would then hide the .exe part of the filename, meaning
that the user would only see 'virus.txt' or 'virus.jpg'.
Additionally, virus writers would change the icon displayed with
the file in Windows Explorer so it looked like the icon of a text
file or an image. Users might then click on the disguised
file."