The trojan is from in a file arucer.dll which is installed onto the system32 directory. It basically listens to port 7777 and performs information leakage, windows registry modification and download and execute files (sound like a liveupdate to me).
So, who planted it? This is a good question I suppose CERT and Symantec will be spending the next few sleep weeks on. In any case, the software had been pulled (the Windows version anyway. Who want to bet that there is a trojan in the mac version as well?) so if you had installed any of those software, I strongly suggest you uninstall them and look out for the arucer.dll in your system32 directory.
The full story:
Updated CERT Report: