The most common way for a computer system to be compromised by an attacker is to trick the user into executing an application which performs a malicious function. Linux is typically resitant to such attacks, because users cannot run executable files until they set the required filesystem permissions. However, there is an exception.
Both Gnome and KDE use small files called "launchers" which are similar to shortcuts in Windows. The desktop interface will execute commands programmed in these files when double-clicked without requiring extra filesystem permissions. Furthermore, the actual filename and icon displayed can be altered to trick the user into thinking the file is not executable, but an image.
I provided a link to a simple example. You will be prompted to save a "GIMP image" file. GIMP is a popular image editor in Linux. If you are a Linux user, save the file to your desktop without editing the file's name to end with a common file extension. A launcher that appears to be a gimp image with the name "innocent.xcf" should appear on your desktop. When the launcher is double-clicked, a command will run which will show a message if you have "zenity" installed.
This has been fixed in recent versions by requiring launchers to be executable.