My guess is it's pretty easy for them to report back the infected computer is part of a domain, for example, which most businesses using Windows would be on.