Just read a fascinating article which examines in some detail how a particularly sneaky bit of malware can fool the unwary Windows user into parting with their credit card details. The malware poses as an anti-virus program - a scam that's been around for
years - but an approach that still clearly works - possibly more so nowadays as people start to worry more and more about identity theft and data security.
For the baddies - step one is to advertise your site (easily done - post lots of links onto other peoples unmoderated blogs). Step two - when the victim visits the site, present them with a fake "virus scan" and then generally nag them into submission using
all manner of sneaky tricks and dire warnings.
Full story here.