One stealth feature of malware is that they get you to install them without realizing it. For example, Microsoft has a setting to hide file extensions for commonly known programs (including .EXE). I often download programs and sometimes I expect to download a ZIP or RAR (similar to ZIP) and discover the site wants to download a ...ZIP.EXE program or ...RAR.EXE program. If you haven't changed your settings off of the usual Microsoft default you won't see the .EXE and when you click your download it will install rather than extract (and probably then extract so you don't realize you just installed malware.)
The moral: Change your settings to not hide common file extensions. Microsoft should change their default so as not to hide .EXE file extensions.