The NYT article describing the attack is a non-article, as they don't have real proof (or perhaps they do, but they haven't disclosed it).
Reasons are well developped on the ErrataSec blog [1].<p>[1] <a href="http://erratasec.blogspot.fr/2013/01/the-nytimes-article-was-content-free.html" rel="nofollow">http://erratasec.blogspot.fr/2013/01/the-nytimes-article-was...</a>
Use hardware-based Crypto Keys.<p>Use Crypto Keys for your email.<p>Use Crypto Keys for your garage door opener.<p>Use Crypto Keys for your encrypted hard drive.<p>Use Crypto Keys for your payments.<p>Use Crypto Keys.
> Symantec… found just one of the 45 pieces of custom malware installed on the Times servers<p>Obviously general-purpose anti-virus software is completely ineffective against purpose-built malware.