Browser exploit discovered which can execute any program on computer with privileges of the user under which browser is executed.
Random webpage has code injected to download somefile.txt which is actually an executable disguised as a text file. Chrome/Firefox/ie doesn't complain and downloads it to default location.
Next page exploits execution of file, file extension doesn't matter.
UAC: File wants your permission to execute. (unsigned unknown wtf is this)
No UAC: Kernel driver installed, rootkit operational, welcome to the botnet.