McAfee's Threat Center Blog noted that the attack involved:
"cascading threats, where one page leads to another and another, which leads to an executable, which leads to another and another. At least one of the payload trojans targets online gamers."
Salient points for small and midsized businesses are:
a) If you or any of your employees are online gamers, spread the word about the threat.
b) Only unpatched browsers are vulnerable.
You gotta wonder how many times this one'll have to be said: this mass attack targets a known vulnerability, one that regular, consistent patch policies would have long since eliminated.
Admittedly, this one targets an ActiveX vulnerability (hence the proportion of gamers among the targets)that may not have registered on the main sequence of necessary patches.
But that's a salient point too: all patches are necessary, and if you -- or any of your employees, friends, family -- are playing online games, then you should be especially aware of the modules and add-ons involved in your play.
And keep them patched.
Here's bMighty ANTenna's take on the gamer hack as well as a Harvard exploit from last month.