From a Dec 8, 2008 article in Computerworld:

"The majority of the attacks carried out by 2008's top 100 pieces of malware were caused by users surfing to malicious sites and then accepting some kind of download, Trend Micro Inc. researchers said today.

From Jan. 1 to Nov. 25, the top 100 attack programs infected 53% of their victims by duping them into downloading something from the Internet. An additional 12% of the infections tracked globally were caused by users opening e-mail attachments. "

In short, be cautious about opening any email attachment you weren't expecting or installing any software or ActiveX controls a website tells you you need.  Some OK items a site may ask you to install are Adobe Flash Player, Adobe Reader, Sun Java, or Apple Quicktime.  If in doubt, search the Internet for the name of the item you're being asked to install.