Some spam tries to get you to an exploited site (the fake "CNN Alerts", etc). It seems sometimes it is just a 'placeholder', no actual website is linked (just practicing, reducing levels of caution, intended hack failed, domain registration still in progress, etc. etc), sometimes an unwitting host has been alerted and has removed the offending page, but too many times "something" is lurking for the unwary or the overconfident. (Heh, congratulating yourself/gloating on your prescience in not okaying that "required codec" on offer while the real exploit silently does its stuff through some unpatched hole in your security is not a good look).

Some of that stuff is described through the links at http://explabs.com/about/resCenter/video_library.asp (yeah, yeah, they'd like you to buy LinkScanner Pro and they have a vested interest in scaring you until you do but there's information on offer which is the point of what I'm saying).

Not to be confused with the websites of the fake watch peddlers, the pharms merchants and the like - they (mostly) just want your money, certainly your confirmed address too, occasionally your identity and the rest of your money and any other disposable assets. But not/hardly ever (yet) your computer, as such. That would be bad for business.

Forewarned is forearmed (ouch! ... no, no, the *other* forearmed). Sun Tzu reckoned if you did't know your enemy you couldn't hope to win more than half the time. Make that "never" when the enemy, in fact, knows you and you don't know yourself/your environment. And they're more desperate than you.

I'd like to add that some exploits are really nasty. There was one on one of my regular wholesalers who got cracked that had an IFRAME injection scri_pt.

It was intelligent enough to detect that I was using Opera on Linux and sent a payload that tried to root my system!!!!!!!!!
(that Opera hole was plugged since, but still.... don't see many *nix capable exploits)