Friend just got Goldun.Fam by going to a MySpace Customization site. http://research.sunbelt-software.com/threat_display.cfm?name=Goldun.Fam&threatid=43858
Looks like it uses this new vulnerability found in IE. No user interaction to get infected, this IS BAD! Seems there is no fix and to update java and to set all java levels in IE to prompt before install.
http://www.informationweek.com/security/showArticle.jhtml?articleID=183702452 (Toward the end, it tells you what to do.)
I do not see anything out there saying it has used a trojan. So I figured I better post here.
Friend said a file vs_prada.exe apeared on the desktop and he deleted it but did not go in the recycle bin. He did a system restore back to Sunday. (All this happened when I was talking to him on the phone.).