Dang! That didn't take long.
My last entry was "Chalk one up for Spamhaus", wherein I lauded Spamhaus for getting some of the Bad Guys summarily shut down.
Alas... it seems that they are back up, minus the single domain that we fingered.... 4udating.net. Thanks to our friends at Sunbelt for noticing this one, and kudos to them again for sharing research.
It seems the Bad Guys are more resilient than we thought (but honestly about what we expected) and are happily serving VML and SetSlice from all/many of their other domains.
Not only that, but it seems that Microsoft did not include the patch for the DirectAnimationPatchControl vulnerability (commonly known as Daxctle) in this month's patch batch, so it remains to be seen if the Bad Guys will pick this one up.
Folks .... you need to patch and install SocketShield. It's getting tricky out there.