YouTube ads spread banking malware
"Security researchers at Bromium have discovered that hackers were spreading malware onto computers while unsuspecting users were watching YouTube videos.
The drive-by-download attack was distributed via adverts shown on the YouTube website, and used an exploit kit to infect Windows PCs with a version of the Caphaw banking Trojan.
According to a blog post by Bromium, the attack relied upon the exploitation of a Java vulnerability (CVE-2013-2460, patched by Oracle in mid-2013)."
You really can't be safe anywhere! But what you can do is get rid of Java. It's by far the most vulnerable software, or to quote Mikko Hypponen "The battle at hand right now is with Java and Oracle. It seems that Oracle hasn't gotten their act together yet. And maybe don't even have to: users are voting with their feets and Java is already disappearing from the web"
So regarding this I've questioned F-Secure why their free tool HEALTH CHECK is built with Java. Their answer:
"F-Secure is in the middle of a process of replacing Java-based HealthCheck with a new technology and improved functionality." Great!