Quite regularly, I get feedback from our customers that they've found malware on their computer, and don't know how it got there.
You might assume this is malware exploiting unpatched bugs in the Windows operating system. It isn't: these customers are predominantly running OS X, and they usually have all the latest patches applied. Yet the malware they're finding is, more often than not, written for Windows.
So are they infected? How did it happen? How COULD it happen?
The real story is both simple and a bit disturbing. Our scanners are detecting these files in a few key locations: the email cache folder, the email attachments folder, the web cache folder, the web downloads folder, and the Java web cache folder. See a pattern here? Every one of them is a place where content lands on disk automatically, before anyone has decided to open it.
These people are victims of drive-by downloads and malicious spam campaigns. Without visiting any shady parts of the internet, they have managed to pick up a collection of malware that, if successfully run, would likely result in their computer becoming part of a botnet.
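A quick way to confirm what a scanner is flagging in those folders is to check for a Windows PE header rather than trusting the file extension. The script below is an added example written for this post, not Sophos code: it walks a handful of cache locations under a macOS home directory (the paths are assumptions, since the exact folders vary by mail client, browser and Java version), flags any file carrying an "MZ" DOS stub plus the "PE\0\0" signature, and builds a throwaway home directory with constructed sample files so it runs offline. A file that passes this check is a Windows executable, which cannot run on OS X by itself, but its presence in a cache shows that the delivery step of an attack succeeded.

```python
import os
import struct
import tempfile

# Cache locations named in the post, relative to a macOS home directory.
# These paths are assumptions for illustration; the real folders vary by
# mail client, browser and Java version.
CACHE_DIRS = [
    "Library/Mail",                 # email cache
    "Library/Mail Downloads",       # email attachments
    "Library/Caches",               # web cache (browser-specific subfolders)
    "Downloads",                    # web downloads
    "Library/Caches/Java/cache",    # Java web cache
]


def is_pe(path, max_e_lfanew=0x1000):
    """True if the file carries a Windows PE header: an 'MZ' DOS stub whose
    e_lfanew field (offset 0x3C) points at the 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False          # too short, or not even a DOS stub
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            if e_lfanew > max_e_lfanew:
                return False          # implausible offset: an MZ prefix alone is not a PE
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False


def scan_home(home):
    """Return home-relative paths of PE files found under CACHE_DIRS.
    A set is used because entries overlap (Library/Caches contains the Java cache)."""
    hits = set()
    for rel in CACHE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(home, rel)):
            for name in files:
                full = os.path.join(dirpath, name)
                if is_pe(full):
                    hits.add(os.path.relpath(full, home))
    return sorted(hits)


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def build_sample_home():
    """Constructed sample data, not a real capture: a throwaway home directory
    holding one minimal PE file in the Java cache, a JPEG fragment in the web
    cache, and a text file that starts with 'MZ' but is not an executable."""
    home = tempfile.mkdtemp(prefix="fakehome_")
    pe = bytearray(0x44)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    pe[0x40:0x44] = b"PE\0\0"
    _write(os.path.join(home, "Library/Caches/Java/cache/6.0/12/payload.exe"), bytes(pe))
    _write(os.path.join(home, "Library/Caches/com.apple.Safari/pic.jpg"),
           b"\xff\xd8\xff\xe0" + b"\0" * 60)
    # Starts with MZ, but e_lfanew would decode as 0x78787878: rejected as implausible.
    _write(os.path.join(home, "Downloads/notes.txt"), b"MZ" + b"x" * 0x3E)
    return home


if __name__ == "__main__":
    sample = build_sample_home()
    for hit in scan_home(sample):
        print("Windows PE found:", hit)
```

To run it against a real account, call scan_home(os.path.expanduser("~")). Only the PE check is performed, so a JAR, a malicious PDF or a JPEG carrying an exploit would not be reported; the point is to show that a flagged file in a cache is a Windows binary that never executed, not that it is harmless to forward to a Windows user.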
EXAMPLES
Troj/Gida-A: drive-by Adobe Flash download that downloads and installs botnet software
Exp/MS04-028: drive-by JPEG download targeting the GDI+ JPEG parsing bug, which can execute arbitrary code on unpatched Windows computers (because this is an exploit detection rather than a signature for a specific file, it can also fire as a false positive on partially downloaded JPEG images)
Mal/JavaDldr-B: drive-by Java download that downloads and installs more malware
Mal/Iframe-AA: drive-by JavaScript in a hidden IFrame that redirects the browser to a page which fingerprints the visitor's system for vulnerable software, then attempts to exploit those specific vulnerabilities, with the aim of enrolling the machine in a botnet
Mal/Iframe-AD: drive-by malicious HTML IFrame used in SEO-poisoned search results (often image searches)
Via email:
Mal/BredoZp-B: BredoLab botnet-generated, arrives via email
Mal/ChepVil-A: BredoLab botnet-generated, arrives via email
Troj/Invo-Zip: Zeus botnet-generated, arrives via email. Can also show up as a false positive in incomplete temporary zip files, as it's an exploit detection.
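Mal/Iframe-AA and Mal/Iframe-AD both hinge on an IFrame the visitor never sees. The following is an added example, not part of the original post or of any Sophos detection logic: a small static audit that parses a page with Python's html.parser and reports iframes that are sized to zero or one pixel, hidden by their own style, placed inside a hidden or off-screen ancestor, or written out by inline script. The sample page and the hostnames in it (kittens.example, video.example, evil.example, bad.example, redir.example) are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Style fragments that hide an element or push it off-screen.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)
IFRAME_IN_SCRIPT = re.compile(r"<\s*iframe\b", re.I)
SRC_IN_SCRIPT = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)


def _pixels(value):
    """Parse a width/height attribute such as '0' or '1px'; None for '100%' or missing."""
    m = re.match(r"\s*(\d+)\s*(?:px)?\s*$", value or "")
    return int(m.group(1)) if m else None


class IframeAudit(HTMLParser):
    """Collects iframes hidden from the visitor, plus iframes written by inline script."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.stack = []        # (tag, hides_children) for open elements
        self.hidden_depth = 0  # how many enclosing elements hide their contents
        self.in_script = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "iframe":
            self._check_iframe(a, hides)
        elif tag == "script":
            self.in_script = True
        self.stack.append((tag, hides))
        if hides:
            self.hidden_depth += 1

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed children.
        while self.stack:
            t, hides = self.stack.pop()
            if hides:
                self.hidden_depth -= 1
            if t == tag:
                break
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Script bodies arrive as raw text; an '<iframe' literal inside one is
        # the document.write() pattern. Obfuscated strings are not caught here.
        if self.in_script and IFRAME_IN_SCRIPT.search(data):
            m = SRC_IN_SCRIPT.search(data)
            self.findings.append({"src": m.group(1) if m else "",
                                  "reasons": ["written by inline script"]})

    def _check_iframe(self, a, hides):
        reasons = []
        w, h = _pixels(a.get("width")), _pixels(a.get("height"))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append("zero/one-pixel size")
        if hides:
            reasons.append("hidden by own style")
        if self.hidden_depth:
            reasons.append("inside hidden/offscreen ancestor")
        src = a.get("src") or ""
        host = urlparse(src).hostname
        if host and self.page_host and host != self.page_host:
            reasons.append("cross-site src")
        # Only report frames the visitor cannot see; a visible cross-site
        # embed (video player, ad slot) is ordinary.
        if any(r != "cross-site src" for r in reasons):
            self.findings.append({"src": src, "reasons": reasons})


def audit_page(html, page_url):
    p = IframeAudit(page_url)
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample page (not a real capture): one legitimate visible embed
# and three hidden cross-site frames of the kind the Mal/Iframe detections describe.
SAMPLE_HTML = """<html><body>
<h1>Cute kittens</h1>
<iframe src="https://video.example/embed/123" width="560" height="315"></iframe>
<iframe src="http://evil.example/land.php" width="0" height="0" frameborder="0"></iframe>
<div style="position:absolute; left:-9999px">
  <iframe src="http://bad.example/tds/in.cgi?3" style="display:none"></iframe>
</div>
<script>document.write('<iframe src="http://redir.example/x" width=1 height=1></iframe>');</script>
</body></html>"""

if __name__ == "__main__":
    for f in audit_page(SAMPLE_HTML, "http://kittens.example/gallery.html"):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

Static checks like this are a triage aid, not a verdict: script that assembles the tag from pieces (for instance '<ifr' + 'ame') or builds it with document.createElement is invisible to a regex, and a page that serves different content to scanners than to browsers has to be fetched with a realistic User-Agent and Referer before the audit means anything.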
http://nakedsecurity.sophos.com/2011/11/12/you-practice-safe-computing-so-why-do-you-still-see-malware/