Just seen this released to protect against Cabir.
If trojans are transmitted via bluetooth, then surely you would need to accept them as a message rather than them autoinstall?
I would have thought the best attack would be to fake up an SE website and email people that a vital update is out and direct them to the fake site. Even then the PC antivirus should recognise the .sis file to be a trojan.
