Well, we all know that we should not click on links in mails and stuff like that. Mark Russinovich did an interesting analysis of a pretty simple bot: http://blogs.technet.com/markrussinovich/archive/2007/04/09/741440.aspx

What I like as well is that it shows pretty well how the Vista features would have blocked this attack.