ClassicFM just phoned me for comment on this story. I did some quick research and was rather dismayed to find that this appears to be an attempt to drum up some press references for marketing rather than a responsible informing of the public.
Update: ClassicFM has put up the story with a soundbite.
It was referencing X97M/TrojanDropper.Agent.NAI.trojan (the vendor in question isn't McAfee, they just had a good writeup) which exploited an unpatched vulnerability (CVE-2008-0081 to be specific) in early 2008, but was patched by Microsoft in October 2008. So, by now the patch is likely deployed to even your mother's machine in the cupboard, and AV vendors have got several copies of the signature deployed. In addition, the specific trojan was used in targeted attacks and it is highly likely that no person or company in SA will ever see a copy, even if they did, the generic advice of 'be suspicious of .xls files' is fairly useless.
To add insult to injury, the AV vendor seems to have received orders from their head office as their international office engaged in the same FUD last month.
This appears to be fairly blatant scaremongering in order to get their name in the papers, the sort that harm the whole industry and makes people unable to differentiate between real threats with real actions they can take. There may be a good explanation, and if the vendor in question wants to clear things up I'll publish it here, although having not mentioned their name I doubt they'll see it. In the meantime, I recommend journos blacklist them as a source.
Now, if anyone wants to write about the PDF tomfoolery that's been going on lately, that would be far more interesting. Although, even then only to IT and security types, not the general public yet.