Google reports that an in-depth survey it conducted of 4.5 million websites shows that 10% of websites are infected with "drive-by" malware. The average user's computer is simply not equipped to defend against this kind of threat, where merely visiting a compromised website can result in infection. Once infected, a user is vulnerable to data theft, financial loss, etc.
The study also showed that an additional 15% of websites have malware that is capable of compromising a PC, but is less effective at infecting a machine than websites with the more sophisticated drive-by malware.
In the report, titled "The Ghost in the Browser," Google researcher Niels Provos writes:
"To entice users to install malware, adversaries employ social engineering. The user is presented with links that promise access to 'interesting' pages with explicit pornographic content, copyrighted software or media. Common examples are sites that display thumbnails to adult videos."
This highlights a very real trend where spammers and hackers (spackers) are complementing email with the web as a vehicle for payload delivery. Businesses and individuals must respond by combining industrial-strength email spam and virus filtering with industrial-strength web virus filtering. In essence, email security alone is not enough. The paradigm has shifted to total messaging security.