The Serpent

// Cursing the Internet since 1998

QR Codes - Ripe for Click Jacking

Posted September 22, 2011

Why click that which you cannot see?

QR codes sure do turn up everywhere these days: a mysterious box of data just waiting to reveal its secrets in the form of your web browser. As with most new technology, the excitement trumps common sense, and already these little gems are being eyed up for the next wave of mobile exploitation. Click jacking is already a common exploit in the wild: the art of tricking a user into clicking your link, usually through a hidden iframe on the page. You might have been caught out by ‘liking’ something on Facebook that you didn’t intend; click jacking accomplishes this. These methods require you to obfuscate your link, as anyone with some common sense checks to see where it goes first.

However, with QR readers the link is already obfuscated: you simply read it and let your phone do the rest. It wouldn’t take much to print off a few nasty codes, stick them over legit ones and let the fun begin ;)
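The "check where it goes first" step, put back into a QR reader, as an added example that is not part of the original post: it takes the text already decoded from a code and returns what to show the user instead of opening it. The function name `preview_qr_payload` and the sample payloads are made up for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def preview_qr_payload(payload):
    """Describe a decoded QR payload so the user can see where it goes first."""
    text = payload.strip()
    try:
        parts = urlsplit(text)
        host = parts.hostname or ""
        has_userinfo = parts.username is not None
    except ValueError:
        return {"display": text, "host": None, "warnings": ["malformed link"]}
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # tel:, sms:, javascript:, plain text: show it, never hand it off silently.
        return {"display": text, "host": None, "warnings": ["not an http(s) link"]}
    warnings = []
    if not host:
        warnings.append("no host in link")
    if scheme == "http":
        warnings.append("unencrypted http")
    if has_userinfo:
        # In "https://bank.example@other.example/" the browser goes to other.example.
        warnings.append("text before '@' is not the destination")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # a normal host name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host, may imitate another name")
    # Only the scheme and real host are shown; path and query can be made to mislead.
    return {"display": f"{scheme}://{host}", "host": host, "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample payloads, not taken from real QR codes.
    samples = [
        "https://example.com/menu",
        "https://bank.example@203.0.113.7/login",
        "http://xn--e1awd7f.example/",
        "tel:+15555550100",
    ]
    for s in samples:
        print(s, "->", preview_qr_payload(s))
```

A reader built this way opens nothing by itself: it shows `display` and the warnings, and the user confirms.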

Written by John Payne