Joe Stewart is the man . . . I have a ton of respect for him and everyone at Team Cymru. They teamed up to find the C&C for the Mega-D trojan and Joe has done another one of his excellent write-ups here: http://www.secureworks.com/research/threats/ozdok/?threat=ozdok
What I find interesting is:
Joe doesn't explicitly link Ozdok / Mega-D to any particular web-based 0-day, but there have been a number of 0-days in various products in recent months that could have been used to infect these 35,000 machines (Acrobat, QuickTime etc.).
Here's the recipe for disaster:
The bad guys compromise a legitimate Apache / PHP server and set it up to serve up the exploit + malware payload . . . BUT they can make the PHP pages they upload only hand out the exploit a certain number of times to a given IP address, or they can make it only hand out the exploit + payload if you click through to the page from a search engine result, or a combination of both, to make it harder for first responders to figure out where it came from. The bad guys can purchase or download all of the major AV packages and continually refine their malware until it is no longer detected by any of them (and in fact they probably automate this process!).
A strange game - the only winning move is not to play.
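The two gating tricks described in the comment above (hand the payload out only N times per IP, or only to visitors arriving from a search engine) leave a footprint in the compromised server's own access log: the same URL returns a large body to some visitors and a tiny stub to others. The following Python script, an added example that is not part of the original thread or of Joe Stewart's write-up, parses Apache/nginx "combined" log lines and flags both patterns. The search-engine host list, the size ratios and the sample log lines are constructed for illustration.

```python
"""Detect referer-gated and per-IP-throttled delivery of a landing page
from web server access logs (combined log format)."""
import re
from collections import defaultdict
from statistics import median
from urllib.parse import urlparse

# Apache/nginx "combined" log format: ip ident user [ts] "req" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Hypothetical list of referer hosts treated as search engines; extend as needed.
SEARCH_ENGINE_HOSTS = ("google.", "bing.", "yahoo.", "search.")


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def is_search_referer(referer):
    """True when the Referer host looks like a search engine result page."""
    host = urlparse(referer).netloc.lower()
    return any(marker in host for marker in SEARCH_ENGINE_HOSTS)


def find_referer_cloaking(records, min_ratio=4.0):
    """Flag paths whose 200 responses are much larger for visitors arriving from
    a search engine than for direct visitors.
    Returns {path: (median_size_via_search, median_size_direct)}."""
    with_ref, without_ref = defaultdict(list), defaultdict(list)
    for r in records:
        if r["status"] != 200:  # 304/404 bodies are not comparable, skip them
            continue
        bucket = with_ref if is_search_referer(r["referer"]) else without_ref
        bucket[r["path"]].append(r["size"])
    flagged = {}
    for path in with_ref.keys() & without_ref.keys():
        m_with, m_without = median(with_ref[path]), median(without_ref[path])
        if m_with >= min_ratio * max(m_without, 1):
            flagged[path] = (m_with, m_without)
    return flagged


def find_per_ip_throttling(records, min_requests=3, min_ratio=4.0):
    """Flag (ip, path) pairs where an IP's first 200 response was large and its
    later ones shrank sharply: the "serve the payload only N times per IP" pattern.
    Returns {(ip, path): [sizes in log order]}."""
    seq = defaultdict(list)
    for r in records:
        if r["status"] == 200:
            seq[(r["ip"], r["path"])].append(r["size"])
    flagged = {}
    for key, sizes in seq.items():
        if len(sizes) >= min_requests and sizes[0] >= min_ratio * max(sizes[-1], 1):
            flagged[key] = sizes
    return flagged


# Constructed sample log (not real traffic): one gated landing page, one normal page.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2009:10:01:02 +0000] "GET /promo/index.php HTTP/1.1" 200 48213 "http://www.google.com/search?q=holiday+deals" "Mozilla/4.0"
198.51.100.7 - - [10/Nov/2009:10:01:10 +0000] "GET /promo/index.php HTTP/1.1" 200 612 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Nov/2009:10:02:30 +0000] "GET /promo/index.php HTTP/1.1" 200 48213 "http://www.google.com/search?q=holiday+deals" "Mozilla/4.0"
192.0.2.9 - - [10/Nov/2009:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 3100 "http://www.bing.com/search?q=company" "Mozilla/4.0"
203.0.113.5 - - [10/Nov/2009:10:04:15 +0000] "GET /promo/index.php HTTP/1.1" 200 612 "http://www.google.com/search?q=holiday+deals" "Mozilla/4.0"
198.51.100.7 - - [10/Nov/2009:10:05:00 +0000] "GET /promo/index.php HTTP/1.1" 200 612 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Nov/2009:10:05:05 +0000] "GET /about.html HTTP/1.1" 200 3100 "-" "Mozilla/4.0"
192.0.2.9 - - [10/Nov/2009:10:06:00 +0000] "GET /promo/index.php HTTP/1.1" 200 48213 "http://www.bing.com/search?q=holiday" "Mozilla/4.0"
198.51.100.7 - - [10/Nov/2009:10:06:30 +0000] "GET /about.html HTTP/1.1" 304 - "-" "Mozilla/4.0"
"""


def analyse(log_text):
    """Parse a log and return (referer-cloaked paths, per-IP throttled pairs)."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    return find_referer_cloaking(records), find_per_ip_throttling(records)


if __name__ == "__main__":
    cloaked, throttled = analyse(SAMPLE_LOG)
    for path, (m_with, m_without) in cloaked.items():
        print(f"referer-gated: {path} median {m_with}B via search engine vs {m_without}B direct")
    for (ip, path), sizes in throttled.items():
        print(f"per-IP throttling: {ip} {path} response sizes {sizes}")
```

The size-ratio heuristics are deliberately crude: a first responder who can only see the server side (or a proxy log) wants a quick way to spot which URL behaves differently per visitor before pulling the PHP source, and non-200 responses are excluded so that ordinary 304 cache hits do not look like throttling.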
Given how few people actually seem to update Java, QuickTime, Adobe Reader, Flash etc on a regular basis, it doesn't have to be zero-day.
I recently discovered that installing new Java Runtimes (JREs) does not block off access to old ones - a web page can request a specific version and if installed, it will load, EVEN IF IT IS VULNERABLE. This germ of information came from Secunia's Personal Software Inspector (https://psi.secunia.com/).
Keeping the OS up to date is no longer really a problem. Keeping the web browser updated is harder, if it's not shipped with the OS. Keeping plugins updated seems to be very hard indeed.
If you're interested in keeping your system secure, ditching Adobe Reader for the apparently less vulnerable (though probably much less targeted) Foxit Reader seems like a good idea.