I don't speak Polish, but the Google translation suggests xorg.pl advertises themselves as a free domain provider, much like dot.tk. The problem of course, is that like dot.tk, their service gets abused to hell and back.
Normally, this wouldn't have earnt them a place in the crimeware friendly list. However, an exception has to be made in this case for one specific reason - the malicious "aliases"/sub-domains all point to known malicious IP ranges (e.g. Starnet, EuroAccess). All they'd have to do to stop this, is to stop allowing their sub-domains be pointed toward those ranges, and to implement basic security checks to prevent any scripts redirecting to such, but they've done neither.
I've been following the fake AV's used in blackhat SEO for quite some time, and one of the major trends has been the increased use of xorg.pl subdomains for the spreading of this rubbish. Just some of which includes;
From what I'm seeing, just as there was with the previous campaigns, there are new subdomains being created and put into service at least every 4-6 hours (can't follow it 24/7 obviously, so I do miss quite alot of them). xorg.pl have never responded to an abuse report, or enquiry into why they're ignoring this problem, so perhaps they'll respond to this.