I sure hope those office PCs are not connected to the internet in any shape or form. If your system is not up-to-date with the latest patches, you're asking for trouble and inviting people into your machine/network.

Anyway I'm sure you couldn't be one of those attacking plus.net for their lapses in security after reading this

I think it's the ideal time to drill the message down peoples throats about ensuring their systems are up-to-date. These trojans are being loaded into legit hacked websites / servers all over the place now. If plusnet didn't get you, there's a very good chance another site would have infected you in the end.

Sorry that should have read It's not just their security issue!

Was typing reply in a hurry ;(

Oh definitely. If you're running an unpatched system you would have been gotten in the end. Users who have been infected with the Trojan must take their share of the responsibility. But so must PlusNet.

Gotten in the end - definitely...

From the BBC website - http://news.bbc.co.uk/1/hi/technology/6645895.stm

One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC.
Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis".

About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code, such as spyware, without a user's knowledge.

A further 700,000 pages were thought to contain code that could compromise a user's computer, the team report.

To address the problem, the researchers say the company has "started an effort to identify all web pages on the internet that could be malicious".

Being an office network it's secured by a Linux firewall and anti virus software at the server level. Also users don't log into Windows as admins which I believe (possibly wrongly coz it's windows) stops most stuff installing. However how I manage network security is not my point.

The point is a lot of people have good reason not to keep windows up to date even though they know the risks. Also a lot of people don't have the choice as MS have discontinued updates to 95, 98 and ME, yep they are still in use in the real world.

I have no problem blaming an ISP for poor security any more than I have a problem blaming MS. They are the professionals, most of us aren't. Every time I have a computer problem I'm fixing for free something a professional was paid to get right in the first place.

The biggest problem here, which granted is not Plusnet's fault, I would bet a

Even the illegal copies of windows get security updates.

Only the high risk updates - All the others are blocked. afaik

I think non risk updates are blocked eg updates to media player, but i think (but not sure) that the security ones are for all. Think it's one Tuesday every month.