I'll be pwned for Christmas
You can count on me
Please have bots and viruses
And exploits for me
When talking to people about viruses and infections, I've found that many people are confused about how virus infections happen. By now most people realize that files you download can be viruses, but hackers have found ways to circumvent people's caution. First, the virus can be disguised as something else - such as an update to Flash Player - to trick people into trusting it. Second, a malicious website can utilize a vulnerability in your browser to secretly download and execute the virus. This is called a drive-by download, and some believe these types of attacks are responsible for most virus infections. This is one of several reasons why it's important to keep your computer up to date with the latest patches. Your browser, operating system, PDF viewer (usually Acrobat), Flash player, and Java (if you have it) all need to be kept up to date because each of them can contain vulnerabilities that can be exploited to gain control (pwn) your computer.
There are several goals a hacker might have for infecting your computer, but fundamentally a computer is a resource to exploit. Modern malware, particularly botnets, are becoming very sophisticated. If Zeus (Zbot) infects your system, it can modify webpages you visit to post it's own ads, intercept website credentials (including bank accounts) and send them to the hackers, steal documents, send spam email, turn off your antivirus, install additional viruses, track your keystrokes, and grant full control over your computer ... all from a file as small as 270 kb.
With millions of dollars per year at stake, it's no wonder that virus authors will do whatever they can in order to infect you. Among other techniques, one method is by referencing current events in their spam, or building sites which are specifically designed to appear at the top of search results for key topics of the moment. This time of year, that includes using holiday greetings to infect you and using websites that appear at the top of searches for holiday terms.
What can I do about it?
Get good antivirus protection. Use an up-to-date browser. Not only are modern browsers more secure, newer versions include protection against malicious links. Use good spam protection. Keep your OS updated, and if you're still running Windows XP it's time to move up. Always, always think before you click.