Someone targeted me specifically by editing my hosts file and redirecting myetherwallet.com to a local copy of the site. Probably someone close to me.
You need to be root (=admin) to be able to edit hosts file, so it is probably someone who has access to your machine.
I have not heard of any remote malware that can do that. (probably some does exist though.)Edit: I thought that hosts file exists only in linux, but apparently windows has one too. If you use linux the above comment stands, but not in windows.
Normally when bitcoins are stolen they are difficult to get back, because the thief could be in another country, where your country's law can't touch them.