Just looking into this for work purposes, what surprises me is the comments made by "experts" (e.g. from Sophos) in the media:
"While many of the compromised sites are pornographic, many are legitimate, mainstream web pages."
That seems alarmist - I very much doubt that "mainstream" sites (which I would take to be sites like Google, banks, Amazon etc. etc.) are affected unless they have been hacked.
"People should make sure their anti-virus software up to date, and remember to install Microsoft’s security patch when it is released."
Updating anti-virus is going to do little against something that isn't a virus but a browser exploit. I appreciate an "expert" from a virus company wants to put the focus on A/V software, but in this circumstance it is misleading (in my opinion, unless I'm missing something) to suggest that this will have any effect at all.
Just my thoughts on this.