As it was explained to me, this latest threat/penetration was helped along by BHOs (Browser Helper Objects). BHOs (see this Lavasoft forum article for a good description) are useful additions to IE but, sometimes, they can turn nasty. That's why I've been running a BHO watcher for a couple of years, now. My favorite has been BHODemon (free from DefinitiveSolutions. It's been stuck at V1.0 for, I dunno, a couple of years? They've just released 2.0 and it's free!
From one of the venture blogs I watch, here're the pix.
I guess I should've been a bit more verbose in my last entry. Microsoft has a whole range of Express products: Visual Basic, Visual C++, Visual C#, Visual J#, and Visual Web Dev in addition to SQL. The Express page is here and it's a jumping-off point to the rest of the products, including links for downloads.
Microsoft's making SQL Server 2005 Express available here. The web page says it's a free implementation based on SQL Server 2005 and will run on Windows XP as well as Server 2003.