If you think Phorm - the evil advert-spooking system practically all the UK's eyeball ISPs want to force on you - isn't so bad, I've got news for you. First of all, let's have a look at this Grauniad Tech article.
So, let's put them together; if you're a Phorm customer, you can get the interests and web habits (and billing data?) of everyone in the UK delivered to your dodgy website in real time, and then you can reload anything you damn well like in their browser based on that information. Suddenly - let's back off here. It'll be someone unpopular. At first. So bnp.co.uk or alghuraabah.co.uk sends you to www.sweeticklekiddiesandtentacles.203vggngh65t7.biz.cn; and there's fuck all you can do about it, except try to explain the concepts of "deep packet inspection", "iFRAME SEO injection", and the like to a court of law.
Paranoia, right? Not so much.
You think that's scary? Here's some more F-Secure for you. There is at least one exploit out there, which could be delivered through the lines we just discussed, that writes dubious code to the BIOS - the low-level insect brain of a computer, the bit that lights up the screen, spins up the hard drive, and explains how to read the boot sector and start the operating system. The only fix there, I think, would be to format the fucking lot and install something completely different - or throw the damn thing in the sea.
But here's where it gets bad; the thing nicks your online banking passwords. And then what does it do? It puts money into your bank account. Feel free to speculate.
Update: Now that's what I call an April Fool from F-Secure. A cracker. This is of course without prejudice to the rest of the post, but I should have realised there would be no way they'd have included a live link to the exploit if it was real. If you were brave enough to follow it, well... you'd get the joke.