The whole event is very interesting and terrifying at once. We still don’t know all of the details but even what’s known publicly is scary. 35 ish companies, an IE zero day and command and control servers coming from China. This is like a mini-series. Only a couple companies have admitted to being affected by Aurora so we don’t know the full impact yet. A great post by Rick Howard at iDefense recapping the event tells some of the background and shows how confusing the whole thing has been. It’s hard to even find the simple lessons in this one. AV would probably have been useless and there was no patch available for the vulnerability in IE. Computerworld has ‘lessons learned’ article that talks about where things stand with the emerging threat landscape.