Malware, including computer viruses, spyware, adware, and trojans, can invade your computer through various routes including visiting a malicious or infected website, downloading a fake software update, opening a malicious email or attachment or inserting a flash drive or other storage device that is already infected.
Simply by visiting a legitimate website, your computer may become infected without you downloading or even clicking anything. This can happen by advertising that many sites allow for extra revenue.
This type of exploitation is called ‘malvertising’. Even the New York Times and the Drudge Report have have been unwitting accomplices to malvertising. (More info)
The way this works is that an unethical advertiser publishes an ad that uses Java script to infect your computer simply by being displayed on the screen. In the background, the Java script infects your machine. Of course, if you don’t allow Java script in your web browser, you can prevent this type of attack. But Java script is used so pervasively on the web that if you disable it, many websites will lose their features and visual qualities. So 95% of people leave Java script enabled. Unfortunately, sophisticated criminals sometimes try to publish these rogue ads that secretly infect your PC using Java script exploits.
TIP: Firefox users can run the free Adblock Plus extension which blocks most ads thereby reducing your exposure to malvertising.
If your PC does not have current antivirus/antimalware software, it is just a matter of time before malware infects it. And even if your PC does have current AV (antivirus/antimalware) software, it is still possible for it to become infected because no antivirus product is 100% effective at preventing malicious software from gaining a hold on your computer.
Virus creation and distribution is now a worldwide criminal enterprise and virus authors are constantly working to invent new ways to avoid detection and infect more computers. Advanced software toolkits such as the Zeus Toolkit are even available for sale to criminals to help them easily create malware.
AV software vendors are always improving their detection schemes, but cannot keep up with the daily influx of new malware churned out by professional criminals.
Once malware gets into your computer, it is also a less than perfect world as far as removal because AV software is not 100% effective at removing malware. Plus, once malware itself is removed, negative effects on your computer may remain due to incorrect registry entries or other configuration problems intentionally left behind by the malware. Some malware is even designed so that if it is removed, your computer will no longer boot-up or other even worse consequences. AV software does not always correct these after effects of malware removal.