Websites by Nature

Facebook/myspace/twitter/youtube are examples of User Generated Content.  UGC by definition means not likely to be moderated.  This is like walking down the street, seeing a pill on the sidewalk, and eating it.  There is no 'moderation' or 'regulation' on UGC.  I can write a virus, insert it into my pictures from my last cool party, and put them on my facebook page.  This would then infect everyone that looks at it using a windows computer. 

Then there are your top-tier websites that aren' social networking, Amazon, news.msn.com, newspaper sites, banks and such.  These sites are safe, with no user generated content for the most part, this means it will be like winning the lottery to find malware to infect your PC on one of these types of sites.

Then the bottom rung on the internet... Porn, Gambling, Illegal music/videos/movies, software cracks, 'hacking' information, and similar.  All of this type of material lends itself to small site operators, small private or sole proprietors, organized crime, and similar.  Since online gambling is illegal, there will be no large companies with a board to worry about, it's just one guy.  If he gets offered money to infect some computers, he might go for it. Out of all the porn sites, probably a majority are not legitimate. 

Re-Cap: 

Photos from your friends are probably safe, unless the email says pictures of some celebrity.  If they are photos your friend took: safe
Photos your friends put on your profile, or theirs, clips from the web, and web links they paste: 90% safe.  (it won't take very long to find the 10%)
Randomly clicking twitter/blog links around the internet: unsafe
Browsing top-tier websites, not leaving their site: very safe

What to Do

Look for basic signs of illegitimate content.  You can find advertisements for porn sites or illegal products on many illegitimate websites.  That is a huge clue.  Will you find an ad for penis pills on the wall street journal, or thepiratebay.org? You can decide :)

Install a decent antivirus, we do it for free with every job that walks in.  www.avast.com

Other ways they get in

It used to be in the days of floppy disks, when all your information was in stacks of floppy disks, that virus/malware spread around from disk to disk.  This still happens but much less often.  Now the problem is USB memory sticks and the memory sticks from cameras.  The fun trick I've seen is when someone puts a really good new virus on one of those Kodak picture kiosks at your local drug store, then every time someone puts their flash disk in the computer to print their photos, they bring a virus home.  These virus can't infect your camera, so if the card only goes from Kodak machine to camera, no problem.  Your camera is immune.

Emails

Inbound email is a huge culprit, probably about 30% of our infections we see come from email vs. web surfing.  They are mainly 3 or so methods that a virus will come in via email, and they are always showing clues before you even open them.

1. Outbound links to sites that can infect you: If you get an email with a link to a website that you aren't expecting, isn't a top-tier website, be very wary.  For example, "Hallmark E-Card from XX" Halmark doesn't do e-cards.  And if it wasn't the full name of a friend, you wouldn't want their card.  There will also be links to fake customer service pages for banks, you can always spot these fake links by moving your mouse over the link and seeing where it's sending you.  If the bank's name isn't at the end, right before the .com, then you could have a fake.

Example; bankofamerica.blah.something.biz - vs. something.internal.bankofamerica.com - the second is owned by Bank of America, the first is a really bad link.

2. Attachments disguised as something other than an executable.  Executables, or .exe, .bat, .vbs, .com, and others are all programs that just run the contained code right on your computer.  Sometimes people will send a link like 'UPS Tracking number Confirmation attached' and then attach a file like 'tracking_number.exe'.  Don't do it, attachments are as a rule, un-safe.

2a. Actually, even pictures, PDF's, and other types of attachments are really bad.  Adobe keeps getting hammered with acrobat vulnerabilites and flash/air too.  This means someone can send you a PDF file that has CODE in it to install a virus on your computer.  The same type of thing can and does happen with .jpg, the most universal Image format there is.

Attachments are never sent by companies blindly.  If someone tells you they will send you X file, and then it comes, its safe.  If you just get an attachment blind, you are really tempting fate by clicking on it.  Most of the time the email will be mysterious to try to trick you into opening it - I know it's hard to NOT look at that tracking number to make sure you don't have a package on the way - but DON'T.  You don't have a package on the way.  It's a VIRUS!

Don't go living in fear, 95% of email virus's get caught by the mail server, an inline scanner, or your AV software on your computer.  You only have to stop the other 5%. 

Good luck!