My own computer has been struck twice (that I can remember). One time was after letting a friend borrow it for a couple hours; checking hotmail and some forums. I think there must have been some malware in a banner ad. Since my friend hadn't browsed any "questionable" stuff, I only noticed the malware after it had deleted a bunch of mp3 and jpg files. Fortunately, the jpegs had been backed up, and the MP3s could be re-ripped.
The other time was when I mistyped an URL and got to one of those typo domainsquat "search engines" that also popped up a couple of alternate pages. I aborted the stuff very quickly, but not before the site had managed to use some IE holes to automatically install some activex control or whatever... was easy to remove and didn't have time to do any damage, though.
My mum was hit by some stuff recently. She was trying to find some online shop selling massage oil (of the non-naughty kind), but ended up on a pr0n site. Again, buncha popups and auto-install-without-asking. No, she doesn't blindly click "install", coz I told her I would lock her PC for a week if she ever did that.