The general understanding of viruses is that you can pretty much avoid them if you just never download anything that ends in dot exe, unless it comes from a source that you know for certain is legit. What some might not know is that simply browsing an unsafe website can infect your computer with a virus.
You’re probably thinking of those scuzzy websites that offer illegal torrents, adult content and so on. In fact, one of the worst places to go without any security software in place used to be MySpace. Youtube and Facebook have both been afflicted with cross-site scripted viruses and worms, as well (in other words, there may be more than one reason to restrict your employees from checking their social media accounts at work if you enforce that policy).
The way it works is fairly simple: Cross-site scripting means that if Youtube or MySpace grants a website permission to cross-post content from their own site, then they may also grant them permission to post any content from that site. The website may take advantage of this to spread viruses and worms without even needing to host them on Youtube, simply using an ad placement or a comment thread as a channel through which to spread viruses from their own site.
Why do people do this? In some cases, cross-site scripting may allow them to gain higher access levels to the content on the targeted site, such as user information. On the other hand, some people who write viruses are just vandals and they like the idea of messing up your private data.
Most major websites are fairly vigilant when it comes to seeking out and dealing with cross-site scripts. Making sure that the right software is installed should generally help to keep your hardware from being infected, but if something seems off, don’t write your concerns off simply because you haven’t downloaded anything recently.