F-Secure also recommends filtering domains at corporate firewalls. These sites should be listed as off-limits: toolbarbiz[dot]business # toolbarsite[dot]biz # toolbartraff[dot]biz # toolbarurl[dot]biz # buytoolbar[dot]biz # buytraff[dot]biz # iframebiz[dot]biz # iframecash[dot]biz # iframesite[dot]biz # iframetraff[dot]biz # iframeurl[dot]business
QUOTE
According to the Sunbelt Software blog, "any application that automatically displays a WMF image" can be a vector for infection, including older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all Windows versions.