Your computer can be infected with malware just by landing on a website that that has been compromised by an attacker. This is called a Drive-by Download.
The attacker uses an Exploit Kit to exploit vulnerabilities in your system. The attacker does not need to have advanced computer knowledge to carry out this type of attack.
An Exploit Kit will look for vulnerabilities like unpatched software (software that has not been updated) and weak passwords.
The two most likely reasons you will get exploited is due to unpatched software, or social engineering.
The practice of tricking a user into giving, or giving access to, sensitive information, thereby bypassing most or all protection.
Keeping your software updated does not mean “Windows Updates”, but third-party software including any Web Browsers that you use.
There are programs that will advise you of software on your system that needs to be updated, and install those updates for you. A popular one is Patch My PC – Home Updater which is free. You can use it to inform you of the software that needs updated, and do it manually, or use it to update everything automatically.
Ronnie's Blog 