Malicious Web Apps: How to Spot Them, How to Beat Them

19.03.2012

Typically, a malicious Web app is a form of Trojan horse: The app claims to be something else--and it may in fact run some legitimate utility or application--but once you click it, it runs malicious code in the background that may compromise your system or secretly download other malicious payloads from the Internet.

Speaking of Web apps, Camp warns, "While they allow increased functionality within the browser, users should be aware of how deeply into your system they may be able to reach."

Some attacks try to entice you to click a link in an email message, which then connects to a malicious Web app that infects your PC with malware. Other tainted apps lurk on the Web, waiting for victims to wander by. In some instances, attackers have exploited vulnerabilities on a website or have employed poisoned ads to get malware-bearing Web app content uploaded to an otherwise legitimate and trusted site.

Fred Pinkett, vice president of product management at , says that users should approach obscure or unknown websites with cautious skepticism. He explains, "Generally, the more well known, the more likely it's okay, but this does not always hold true. Look out for common tricks like IP addresses, misspellings of common sites, [and] funny-looking URLs with [special characters] in them, although this is not always malicious."
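The tricks Pinkett lists (IP addresses in place of site names, misspellings of common sites, and special characters in URLs) can be checked mechanically. The Python below is an added example, not part of the original article; the `KNOWN_SITES` list, the function names and the sample URLs are constructed assumptions, and as the quote notes, a match is a reason for caution rather than proof of malice.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of well-known sites; an assumption for this example.
KNOWN_SITES = {"google.com", "paypal.com", "facebook.com", "microsoft.com"}

def edit_distance(a, b):
    """Levenshtein distance via row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def url_warnings(url):
    """Return the heuristic warnings that apply to a URL (hypothetical helper)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    try:
        ipaddress.ip_address(host)          # raises ValueError for names
        warnings.append("ip-address-host")
    except ValueError:
        # Naive "last two labels" domain; real tools use the Public Suffix List.
        domain = ".".join(host.split(".")[-2:])
        if domain not in KNOWN_SITES and any(
                edit_distance(domain, site) <= 2 for site in KNOWN_SITES):
            warnings.append("lookalike-domain")
    if "@" in parts.netloc:                 # text before "@" is not the host
        warnings.append("userinfo-in-url")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("non-ascii-host")
    return warnings

if __name__ == "__main__":
    # Constructed sample URLs (203.0.113.0/24 is a documentation range).
    for sample in ("https://www.google.com/search?q=test",
                   "http://203.0.113.7/login",
                   "http://paypa1.com/signin",
                   "http://www.paypal.com@203.0.113.7/",
                   "http://xn--pypal-4ve.com/"):
        print(sample, url_warnings(sample))
```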

Don't assume that you're safe if you avoid Microsoft Windows. Web apps do frequently target specific vulnerabilities, and Windows is often a primary focus, but Web apps--both benign and malicious--are fundamentally platform-agnostic.