The trick in this Bagle is that when a user opens the attached ZIP archive, this is what he sees:
...and many users would then wrongly assume that the HTML file is just a web page and safe to click on... after all, there are no dangerous EXE files in sight. Well, that's because the EXE is in the PRICE folder, and PRICE.HTML will just load and run it.
Repeat after me: HTML files on your local hard drive are not safe to click on. The same file might be perfectly safe when you access it over the web (i.e. surf to http://something/somefile.html) and horribly bad when you click on it locally (assuming a typical Windows user with default settings).
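A triage check for the archive layout described above, as an added example that is not part of the original post: it lists a ZIP's members without extracting them and flags an HTML file that ships alongside an executable tucked into a subfolder. The extension lists, function names and the sample member `PRICE/placeholder.exe` are assumptions made for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension lists are an assumption for this example, not taken from the post.
HTML_EXT = {".html", ".htm"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def audit_zip(data: bytes) -> dict:
    """List HTML and executable members of a ZIP (nothing is extracted) and
    flag the layout described above: HTML plus an executable in a subfolder."""
    html, executables = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # ZIP names use "/", but tolerate archives written with "\".
            path = PurePosixPath(info.filename.replace("\\", "/"))
            ext = path.suffix.lower()
            if ext in HTML_EXT:
                html.append(str(path))
            elif ext in EXEC_EXT:
                executables.append(str(path))
    # Executables below the top level are the ones hidden from the first view.
    nested = [p for p in executables if len(PurePosixPath(p).parts) > 1]
    return {
        "html": html,
        "executables": executables,
        "suspicious": bool(html) and bool(nested),
    }

def build_sample(members: dict) -> bytes:
    """Build a constructed in-memory ZIP from {member name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless placeholder bytes, hypothetical member names.
SAMPLE_BAD = build_sample({"PRICE.HTML": b"<html></html>",
                           "PRICE/placeholder.exe": b"not a real binary"})
SAMPLE_OK = build_sample({"index.html": b"<html></html>",
                          "img/logo.png": b"\x89PNG"})

if __name__ == "__main__":
    print(audit_zip(SAMPLE_BAD))
    print(audit_zip(SAMPLE_OK))
```

The check looks only at member names, so it reports what the archive view hides; it does not decide whether the HTML actually references the executable.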