Good article
Apparently Facebook has already managed to block the attacks:
http://www.f-secure.com/weblog/archives/00002173.html
F-Secure also has some interesting discussion about what will happen when Google Images finally successfully blocks the malware links showing up there, effectively bursting this bubble.
http://www.f-secure.com/weblog/archives/00002175.html
Finally Sophos adds:
"It also appears that this malware is using the tried-and-true affiliate distribution method. The writers recruit other people to perform black-hat SEO, infect web pages and post blog spam and assign each one a unique affiliate ID to use in the URL for their traffic.
This allows the criminals to track which affiliate referred the victim and pay them a commission upon purchase of the fake software, enabling the criminals to cast a much wider net by sharing a portion of the profits with their "affiliates.""
http://nakedsecurity.sophos.com/2011/06/02/apple-to-malware-authors-tag-youre-it/
Affiliate malware, who would have thought...
But surely if the affiliate ID parameter in URLs has been identified, Google can use it to block the links, both in Images and via their Safe Browsing service that is used by Chrome, Safari and Firefox.
http://googleonlinesecurity.blogspot.com/2011/04/protecting-users-from-malicious.html