Because this exploits particular programs on Windows, rather than Windows itself, your machine can get infected simply by visiting a Web site that's set up to exploit the flaw.
The days when reactive technology would protect you are gone.
This is a business; this is organized crime. People are making money on it.
They can upload stolen information to a hijacked server that isn't connected to them at all. They don't ever have to leave a trail that can be followed back to them.
If you didn't ask for the attachment, don't open it.