I notice a common attack vector is fake antivirus websites. People will quite often click without even thinking about it on something that says their computer is infected even though it's just an ad. This is another issue, people are conditioned to simply click on things without thinking about it. A study was in fact performed regarding this with a button that users were actually told via text to not click as it would infect their PCs (it was a fake of course but the people clicking it didn't know that) and it was found that a large percentage of them clicked the button anyway because they didn't bother to read any instructions or any other text, just the button.
Another issue I see very often is people will buy a new PC that usually has a trial copy of an antivirus and they will not activate it. What's more, they don't go about getting another antivirus because they believe it's actually active and working. When I explain it to them, they usually give me a look of bewilderment and they don't understand the problem because they still believe an active AV that is up to date is on their PC. I have to use the analogy of expired insurance to explain it and then they begin to understand.
A problem in general is the lack of education and also the lack of caring from many people that just see the computer, as keiichi25 said, as nothing more than some appliance that should just be turned on and work. They don't think about how to use it or what they should do with it. They should think about it more like a tool that needs to be used properly but alas, people for the most part just don't care. Working in support, I often get people who will call in and when I even begin to try and troubleshoot with them to get them to click on something, they'll respond with "I don't know what you're talking about. I'm not paid to do or know any of this. You fix it." The common example being the lost document and people not saving along the way then wondering why they can't get it back. I remember one user called in once after sending an e-mail and said he wanted to get it back and not have it sent. He wanted it recalled. I told him that he could technically recall it but it wouldn't really do anything except tell the person he is trying to recall it but the person will still be able to see the original message; apparently he had accidentally sent this person a nastygram he meant to send to someone else that talked badly about this person. I told him unfortunately there's nothing that can be done because it's like a letter that was sent via regular mail and had already arrived; once it's there, not much you can do to get it back. This sent him into a rage because he thought the computer was a piece of junk for not being able to do what he wanted.
But getting back to the viruses, it's really just a lack of user education. I often get the question from customers if they can install file-sharing software on their own PCs to download pirated music. I could tell them about how it's bad to pirate music and whatnot but this usually gets the response from customers of tuning me out so I don't even bother with the ethical implications anymore. I now always respond with the fact that they technically can, except these are like virus magnets if you don't know how to use them properly and what's more, any software warranty they have with me is completely invalid the second they install this software. Even with this explanation, they don't care usually and I'll get their infected PC back within a month or two and repeat the same speech to the same customer who is now much more attentive because they had to pay me again to fix their PC after their screw-up.
Again, it's all about education and caring just a little bit about your PC, a great tool for many purposes. I tell people that it's like a car: if you don't maintain it properly and take care of it properly, then it's not going to last you very long.