I have a much more likely scenario. They simply spread their malware everywhere
with drive-by downloads, phony system messages, work attachments from infected friends, lovers, coworkers, etc. just like what happened to a coworker, an above-average computer user for an IT company. all of a sudden he's got (literally out of nowhere) a new, very microsoft-looking anti-virus* (and considering that ms just came out with, or is coming out with a free fully-featured AV app, (which he knows, since he's in charge of enterprise software, including microsoft EA, etc.) he almost leaves it alone, until it asked him for $70 USD) that claimed to have found a nasty trojan that needed to be removed IMMEDIATELY or else the moon falls, internet dies, cthulhu comes a'calling, etc etc etc.
we've all seen the hokey web popups that claim to have found problems with your PC. this is just the not-new next step. which is all the easier to accomplish with software that you understandably *don't* want the user looking at...
* note: when i saw the phony AV malware, i, too, thought it was the new MS antivirus, until i poked around in it and found misspellings, grammar mistakes, etc.
(all you anti-grammar-nazis out there, this is why people bitch about it - it's very hard to take someone seriously when their thoughts are misspelled, unorganized, and give the impression they're representative of someone uneducated/irrelevant - imagine if you booted into AIX, or Windows, or were poking around in Excel, or your legit AV and were greeted with a screen that said "Weclome, user, our helps desk are for 24/7 hour service".....pardon the flamebait at the end please)