Is it always safe to open zip files?

It’s pretty obviously some bullshit spam.

No. Like all computer file-types, if you don’t know the sender, don’t open the file.

Do NOT open that file. Delete that mail immediately.

For example, it could actually be an executable with a hidden/fake file extension, or it could be a zip bomb.

I never heard of a zip bomb before. I always assumed zip files were safe, because I am allowed to attach them to emails.

I get the message. That email will be trashed.

It’s likely a bogus scam. Delete.
But do call your landlords and tell about the email. It’s possible that THEY are the victims and they might not be aware of having a malware using their contact list.

@LostInParadise Any sort of file can be attached to an email. Some host services put size and file type restrictions on what they’ll allow you to send, but that is an artificial limitation. Malicious emails typically spoof their host so that you do not know where it comes from. This means that the file could have anything inside.

IMO Zip/Rar files can potentially be the worst. Any amount of things can be hidden inside them.

Simple rule: If the subject line is vague and impersonal (e.g., doesn’t mention me by name) and seems generic, it’s spam or malware and I wasn’t expecting the email. I always shift-delete (permanently erase without going into the trash) the email with any attachments.

No important notifications are ever sent by email since there are so points of failure. For example, you will never receive an email from the IRS.

Even if you receive ebills from your banks, the bank will still send you important correspondence by USPS. Really, really important correspondence will be sent by certified mail, signature required, return receipt.

While we’re on the subject of the danger of attached files in emails, make sure that you make complete back ups of your hard disk. So when (not if) your hard disk crashes or if malware destroys the contents of your hard disk, you can restore the entire contents of your hard disk in an hour or two. Personally, I use two different purchased backup software packages and back up to two different hard disks. I back up the entire partition, not just individual files.

Sounds paranoid, excessive, over-the-top, neurotic and unnecessary, OCDish doesn’t it?

Remember the above paragraph when you lose your hard disk and haven’t backed up in years.

Sounds like CryptoLocker ransomware:
http://en.wikipedia.org/wiki/CryptoLocker

It will encrypt your hard drive and all attached drives. It will cost you $300 to unlock. So DELETE IT IMMEDIATELY! Careful not to double click it.

That really is nasty. I hope I never encounter that program. In the meantime, I deleted the message and removed it from my trash folder.

This is where top-notch antivirus is helpful. While not 100% effective, many of your better programs will either inspect the contents of the ZIP file or (more often) block you from unzipping it (or at least the harmful files in it) in the first place.

But AV software, regardless of quality or effectiveness, is no substitute for common sense.

The only files that are always safe are the ones that don’t ever have any interaction with your computer at all. The instant you transfer it, view it, or anything else, there is the potential for infection. Hell, there are webpages that can infect your computer merely by viewing them, though that is less likely if you are running a browser other than IE. (Fuck you, ActiveX!) And trojans come is a variety of styles.

You can scan the zip file with your trusted antivirus before opening it. Do it at your own risk. But the best thing to do is not to open it.