I don't personally have all the facts yet on this case, but my experience with client infections makes me wonder if she may be an innocent victim of fly-by adware. Unanswered questions include: 1) was it her computer, or the schools? 2) if the schools, where were their software security policy and safeguards?
The prosecutor for the case stated she had to deliberately click on certain links, but we security professionals have seen many cases where IE links have been set to their "visited" state by adware popups.
Update: More information and speculation and worse, the prosecution admits that it made no search made for spyware during its investigation.