There’s been quite a few of these Winldra variants we’ve been finding (this is the keylogger behind the identity theft ring we stumbled onto a while back).

One thing: 

Not one of the machines we found infected were running Windows XP Service Pack 2.  ALL of the infestations are occurring on older Windows XP systems.

This thing can be installed through one of many different exploits, *.CHM, Java.Encoded links, Mime 64Base encoded links, Unicoded, javascript encoded scripts : %3F, \U00##, etc.  Most, if not all, of these exploits were fixed even prior to SP 2.

During one test, I went to a site that installed the keylogger.  Windows XP SP2, no problem.  Didn’t even touch the machine. Unpatched — zing! Instantly infected.

To those that insist on not upgrading to SP2, you are nuts.  Sorry, it’s the plain truth.  You’re playing with fire.

(Thanks Patrick)