Malware comes in many types, and it threatens you in many ways. In the early days of computers, the main worry was that you’d get infected by viruses that hid on floppy disks. That medium is no longer a threat, and most malware now is downloaded from the internet or attached to email messages. You can usually tell from the email you get whether an attachment is suspicious; lately, a lot of phishing email contain subjects such as “Invoice” or “Photo,” in the hopes that you might absent-mindedly double-click on a file. But some well-crafted emails may fool you.
Even if you are careful to not open files you receive with emails, and don’t download files from unreliable websites, there are still risks. Drive-by downloads can infect you unwittingly when you visit a website; the code on a page causes a file to be downloaded, and, in some cases, depending on your settings, that file may be launched automatically.
Other malicious websites may attempt to take advantage of vulnerabilities in software such as your web browser, or in the plug-ins it uses. One of the most attacked pieces of software is Adobe’s Flash Player. This plug-in is regularly updated as vulnerabilities seem to spring up like mushrooms after a thunderstorm.
Because of this, web browsers have adopted “fraudulent site protection,” which relies on a constantly-updated database of URLs that lead to malware.
Read the rest of the article on the Mac Security Blog.