That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.
The first very small step towards security I took was to change the default place where the wallet.dat was stored...
Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!
Rezin777, it is pretty crazy when you think about it! The location path should be the first thing you change; I totally agree.
The wallet.dat should not be called wallet.dat, and it should be stored in a random directory in the user's profile/home directory - preferably one with a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.
Not to mention the location should be stored encrypted in the bitcoin configuration file.
The devs are working on this. But, it's not hard overall:
Fire up client.
Ask user for password.
Create wallet.dat.
Encrypt data in wallet.dat with user password.
Whenever wallet.dat is accessed, prompt user for password to decrypt data.
You don't actually need the private keys to do anything but send coins. So, the wallet.dat data only needs to be accessed if you're sending coins and/or adding addresses. So, it wouldn't be that annoying to be prompted.
Now if someone steals your wallet.dat, it's useless unless they know the password.
As long as you have backups, you cannot lose your coins.
Of course, if you have malware on your system, they can keylog the password and then all bets are off.