Have you ever looked in your referring sites report and seen incongruous referrers -- stuff that just doesn't look like it should be there?
Sometimes they'll show up as something like forex-for-you.com or surefire-currency-trader.com, which look incredibly spammy in themselves. You'd be unlikely to click on any site with that sort of name, as pretty much anyone would conclude that they "look dodgy".
Less dodgy-looking and equally as nasty are blocked-website.com and website-unavailable.com, two sites that have been cropping up quite a lot in referrer reports lately. With less dodgy URLs, you might convince yourself to take a look at the site to see what might be going on. Our advice: DON'T!
This is called referrer spam, where sites will create thousands of links to thousands of domains (often newly-registered sites), and sent bot traffic your way. When you view your analytics reports, you see the strange referrer and you visit the site to see who's linking to you.
And this is where the bad stuff happens: usually, the site will try and install malware on your machine. It's the sort of auto-download script that will make Google will try and stop you visiting the site, and the sort of stuff that your antivirus will have kittens over.
Our advice again: DON'T! Even if your tempted to see if your antivirus will block the site, DON'T!
A lot of the time, referrer spam targets new websites -- they're less likely to have much traffic or inbound links, and therefore when a referring site shows up in the stats, it's more likely to be noticed.
However, they can also make their way to established corporate sites and while most corporate networks will have adequate security in place, you can't be too careful.
It's a good idea to use a filter to exclude nasty referrers as you come across them. This can be done by adding a filter to the main profile that users in an organisation spend most of their time with. (This is why it's a good idea to have that "exclude internal traffic" profile that for internal client use; you can clean-up the profile on-the-fly and make sure stuff like this never makes it to people's reports.)
There's a good overview on how to do this at Businesshut.com, which also includes a list of partial referrer-spam domains to get you started. Be warned though, as no list is going to be current -- there's even an abandoned list of referrer spam sites from 2006 showing just how deep this problem runs.
In short: it's definitely worth taking the time to filter this stuff out for a corporate or client site, but if we're only talking about your own website then being aware of the existence of referrer spam is probably enough -- just know not to visit any strange sites!