The victims don't need to do anything to get infected except visit a Web site that's been hacked.
This is how most malware, spyware, trojans, etc get maliciously installed on users PC's.
For years I have been telling people to STOP USING Microsoft Internet Explorer! That one piece of *&$% software is the target of most attacks. I always recommend to completely switch over the Firefox and to install the plugins "Adblock plus" and "noscript" as protection. For now, this solution works!!