[PavlovsCat]

> Yes, it's risky.. but what if they were really bold?

Isn't the question really how careless the people downloading the file are?

Is it possible to infect hardware through a virtual machine? Let's just assume it is; what's to stop someone from using a throwaway, one-way laptop? Get fresh laptop, install the tools you need, copy the files over via USB or network, disconnect the laptop and never connect it to anything ever again. What am I missing?

To transfer a lot of data (e.g. analysis results) back from the potentially infected machine, play back the data encoded as audio, record that with another computer and convert it back to binary/plain text/whatever. (There might be better ways but hey)

Sure, most people probably won't bother with any such stuff, and just stick to "only" viewing text files and images etc., but then all HT would have shown is what has been proven with email spam already: that if you can get people to treat unknown files carelessly, not to mention run executables, you can infect them.