Here's a list of methods re adware proliferation (covered in an old post at the old version of
http://www.justtraffic.blogspot.com ):
- the installer is distributed in warez install packages -- bling.exe was distributed this way
- spread via p2p networks using popular game names (the low KB install sizes give this away but they claim to be 'cracks' or keygens or sn generators)
- distributed via popups in warez sites
So be careful what you click on. Some "installer packages" found a way to not trigger the standard SP2 install notifications.
Although it's harder to get spyware or adware nowadays due to the spread of FF and SP2, once someone DLs an app onto their system thinking it's something else (because the title/label or dl network he got the stuff from tells him so)... then all bets are off.
It is, like you said, a kick in the nuts.