Fighting the Botnets

"Operation B49 is a Microsoft-led initiative to take down a known botnet - Waledac - through industry collaboration and legal process. Operation B49 is just one action in a long term effort by Microsoft to combat cyber threats and advance the security of the Internet for everyone." (from support.microsoft.com/contactus/cu_sc_virsec_b49)
Microsoft has removed 277 domains used by Waledac, leaving about 90,000 infected computers without a botmaster. This has been more successful so far than the attempt by computer security experts to take down Zeus.
See also www.theregister.co.uk, "Waledac takedown success".
Other Resources
GMER is a useful utility to detect rootkits. Read up on it before use: www.gmer.net ("all your rootkits are belong to us").
Read about rootkits here.
All malware needs some place to hook in and launch inside Windows (or Linux, Mac OS) when you boot. Unless it's a rootkit.
There is an expert tool to find those places and let you manually remove malware. The only false positive I had was a Neotion DELL keyboard driver. Removing it meant no keyboard! Rebooting with the previous profile put it back. Read up on how to use Silent Runners (install) to manually remove malware (disinfection).
Remember these points to avoid infection
- Don't click on adverts offering free scans, even on anti-malware or other reputable sites. Site owners may have no idea what adverts are running. This is why Techtir has no third-party advertising. Google adverts are often used to serve malware.
- Never install a codec offered automatically when you try to play a video or audio file or view a picture. It's usually a trojan. Install codecs only from the official providers or specialist codec sites.
- Never open email attachments, even from people you know, unless you are expecting the attachment and you know which attachment types are executable (.exe, .cmd, .com, .scr, .shs, .pif and .bat are only a few of the dangerous types).
- Never install extra toolbars in browsers.
- Use an up-to-date browser.
- Never have MS Client and File + Printer Sharing enabled directly on the Internet, only on a LAN where a firewall/router/NAT connects you to the Internet. (It's in the network properties of the actual interface in use: Bluetooth, 3G dial-up networking, Ethernet, WiFi or whatever. Also disable FTP, HTTP/web server, HTTPS/secure web server, uPnP and SSD if connected directly to the Internet without a firewall.)
See also "Worm Spreading via Email".
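The attachment rule above is simple to turn into a mail-filter check. This is an added example, not code from the original article: it flags attachment names by their final extension, so the "Invoice.pdf.exe" double-extension trick and mixed case are caught. The first seven extensions are the ones the article names; the rest are common additions in mail filters, and the sample message is constructed.

```python
"""Flag email attachments whose file name ends in an executable extension.

Added example (not from the original article). The extension list is the
article's own (.exe, .cmd, .com, .scr, .shs, .pif, .bat) plus a few well-known
additions; the sample attachment names below are constructed.
"""
import os

# Extensions Windows will run when double-clicked. The first seven are the
# ones the article names; the rest are common additions in mail filters.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".cmd", ".com", ".scr", ".shs", ".pif", ".bat",
    ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi", ".lnk", ".ps1", ".reg",
}


def is_executable_attachment(filename: str) -> bool:
    """Return True if the attachment name ends in an executable extension.

    Only the LAST extension decides what Windows does with the file, so
    "Invoice.pdf.exe" is executable. Case is ignored ("setup.EXE") and spaces
    are collapsed, because "report.pdf      .scr" is a classic way to push the
    real extension out of view in a mail client.
    """
    name = filename.strip().strip('"')  # strip quoting a mail client may add
    name = name.replace(" ", "")
    _, ext = os.path.splitext(name)
    return ext.lower() in EXECUTABLE_EXTENSIONS


def triage_attachments(filenames):
    """Split a message's attachment names into (blocked, allowed) lists."""
    blocked = [f for f in filenames if is_executable_attachment(f)]
    allowed = [f for f in filenames if not is_executable_attachment(f)]
    return blocked, allowed


if __name__ == "__main__":
    # Constructed sample message: two documents, three disguised executables.
    sample = ["minutes.docx", "Invoice.pdf.exe", "photo.JPG",
              "report.pdf      .scr", "setup.EXE"]
    blocked, allowed = triage_attachments(sample)
    print("blocked:", blocked)
    print("allowed:", allowed)
```

A real filter would also look inside archives and at the file's actual content, but even this name-only check stops the cases the article describes.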
Social Engineering
Offer people chocolate and claim you are doing a survey and they will give you their passwords. That assumes they ever changed it from the default (router drive-by DNS poisoning) or even set one (Windows logon).
http://www.enterpriseitplanet.com/security/news/article.php/3342871/Low-Tech-Password-Cracker-Chocolate.htm
http://news.bbc.co.uk/2/hi/technology/3639679.stm
Then there are people who use the SAME user name and password for everything!
Buy a €2 address book. Give everything a different password like hY27napG, and use different user names. In the address book put the name of the site (use the alphabetic cut-outs at the side), the email address you used to sign up (in case THEY reset the password), the user name and the password.
Put your server, PC, WiFi key, router and email names/passwords in it, or in a separate book locked away.
Never store the password "address book" in the laptop bag.
Never let the browser store the password for PayPal, your bank, credit card etc. Letting it store passwords for places like message boards is likely OK if you set a master password.
Never use real words, phrases or substitute numbers for letters. Those are all easily cracked automatically.
Physical security is important too. If someone has a suitable CD/USB key they can boot your PC/laptop from it and reset the admin password for almost ANY OS, or at least read the disk.
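The reason "P@ssw0rd1!" is no better than "password" is that the letter-to-digit swaps are undone mechanically before a dictionary is consulted. Here is an added example (not from the original article) of a password policy check that works the same way: it normalizes the common substitutions, strips trailing digits and punctuation, rejects anything built on a dictionary word, and estimates the search space of what is left. The word list is a tiny constructed stand-in for a real dictionary file, and the 40-bit threshold is an assumed policy value.

```python
"""Check a candidate password the way the article recommends: reject real
words, phrases and number-for-letter substitutions; accept random strings.

Added example (not from the original article). SAMPLE_WORDLIST is a
constructed stand-in for a real dictionary; MIN_BITS is an assumed policy.
"""
import math
import re

# Constructed stand-in for a dictionary file; a real check would load
# something like /usr/share/dict/words plus a list of leaked passwords.
SAMPLE_WORDLIST = {"password", "letmein", "welcome", "dragon",
                   "monkey", "summer", "secret"}

# Digits and symbols people use in place of letters. These are undone
# mechanically, so they add no real strength.
SUBSTITUTIONS = {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                 "7": "t", "@": "a", "$": "s", "!": "i"}

MIN_BITS = 40.0  # assumed policy threshold for a random-looking password


def normalize(password: str) -> str:
    """Lower-case, drop a trailing run of digits/punctuation ("2010", "1!"),
    then undo substitutions: "P@ssw0rd1!" -> "password"."""
    lowered = password.lower()
    core = re.sub(r"[^a-z]+$", "", lowered)
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in core)


def dictionary_words_in(password: str, wordlist=SAMPLE_WORDLIST):
    """Dictionary words contained in the normalized password (so phrases
    and word-plus-suffix forms are caught as well)."""
    norm = normalize(password)
    return sorted(w for w in wordlist if w in norm)


def charset_bits(password: str) -> float:
    """Bits of search space if the string were drawn at random from the
    character classes it uses (the best case; dictionary-based strings
    never get this much)."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation
    return len(password) * math.log2(size) if size else 0.0


def check_password(password: str, wordlist=SAMPLE_WORDLIST,
                   min_bits: float = MIN_BITS):
    """Return (accepted, reason)."""
    if len(password) < 8:
        return False, "shorter than 8 characters"
    words = dictionary_words_in(password, wordlist)
    if words:
        return False, "based on dictionary word(s): " + ", ".join(words)
    bits = charset_bits(password)
    if bits < min_bits:
        return False, f"only {bits:.0f} bits of search space"
    return True, f"random-looking, about {bits:.0f} bits of search space"


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "Dragon2010", "12345678", "hY27napG"]:
        ok, why = check_password(candidate)
        print(f"{candidate!r:14} {'OK ' if ok else 'BAD'} {why}")
```

The article's own example, hY27napG, passes (eight characters over letters and digits, about 48 bits), while the substituted and suffixed dictionary forms are rejected with the underlying word named, which is the feedback a user needs to pick something better.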
"The vast majority of malware - more than 99 per cent - targets Windows PCs, according to a new survey by German anti-virus firm G-Data." (via El Reg)
This does not mean Android, Linux/Ubuntu, Solaris, Symbian, Meego, Mac OS X or iOS 4 are immune or more secure. It's just that currently the miscreants are targeting MS Windows. If Ubuntu or OS X had even a 20% share instead of sub-5%, they would have just as much of a problem. The most important thing is the person using the OS, not the OS.
- Michael Watterson's blog
Silent Runners R63 adds two (obsolete) OS's: NT 4.0 Server and Windows 2000 Server. Under previous script versions, these OS's were not specifically identified as servers and various default items were output or flagged as suspicious. There are no bugfixes in this release. If you're not using either of these OS's, there's no reason to download R63.

My next project is to add support for 64-bit Windows 7 (followed by 64-bit Vista). I cannot yet offer a completion date.

The updated script (R63) can be found here: http://www.silentrunners.org/Silent%20Runners.vbs
A zipped version can be found here: http://www.silentrunners.org/Silent%20Runners.zip

Thanks again to those users who have provided feedback for improvements. If you ever have any problem with the script, please let me know. To be removed from this distribution list, please request it via a reply to this e-mail or use the Contact form on the web site.

regards, Andy

