If the information at Sans is accurate Trojans for industrial espionage this is another example that anti-virus software is not enough.

If you read through the article linked in the Sans Handlers Diary Trojan horse also hit major int'l firms you’ll notice the investigation began in November 2004. The possible Symantic definition was posted first April 26, 2005. The Trojan was in use at least that long, maybe longer.

Interesting
... would send the virus hidden inside a promotional CD to various companies, which unknowingly uploaded the Trojan horse onto their computer system. The private investigators would also send emails to the various companies with the virus as an attachment, police said.

Also, this might be a nice story to print for your next budget request?