Herein lies a security problem I've harped about for yrs (I have 16 yrs in dataprocessing - mainframes, midranges, and networks):
The midrange and mainframe systems have been relatively impervious to virus' and have fewer "entrances" for hackers. But businesses have been migrating to PC networks (probably because the techs and programmers are cheaper, take less formal training). And so businesses (or utilities) that would normally be on larger, stabler, safer computer systems, have taken the short road using cut&paste networks.
So, I believe Microsoft products are involved in this somehow. No doubt. What a mistake.