Thanks for the warning, a salutary tale.
A general piece of advice is to do all your day-to-day computer work, browsing etc. as a non-admin user - that way any such attacks are much more limited in the damage that they can cause, as the nasty that gets in won't have admin privileges to write to system areas.
SD