Apple Mail transports information about which program should be used to open a file (content type: multipart/appledouble;) in an additional attachment that is invisible to Mac users. Attackers can then call a shell script "image.jpg" and nonetheless have commands in the script executed. Apple took care of this security problem with an update in March 2006.
This email has a shell script attached to it that is disguised as a JPG. If your version of Apple Mail does not have the patch, it will show the icon for an image but nonetheless execute the commands contained in the attachment without further ado. This script only opens a terminal and displays the content of the current directory.