Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday, 3 August 2011

ALERT: mstdpro.com and botnets

Just a warning, folks: there's a replacement for the now-suspended rulesbreacker.com/wsumg.com botnet domains, and it's mstdpro.com. It resolves to residential (dynamic consumer ISP) IPs rather than to any hosting provider, and it serves exploits and a trojan through URLs such as:

mstdpro.com/mydata/forms/apisrv.php
mstdpro.com/appserver/
mstdpro.com/efs/servlet/military/login.jsp
mstdpro.com/app/bps/main/
mstdpro.com/arc/files/
mstdpro.com/arc/files/archivo.exe
mstdpro.com/system/
mstdpro.com/local_bdno/netoffice/


IPs it is currently resolving to (address, reverse DNS, origin ASN, announced prefix, AS name):

IP               Reverse DNS                                   ASN    Prefix           AS name
80.133.81.28     p5085511C.dip0.t-ipconnect.de                 3320   80.128.0.0/11    DTAG Deutsche Telekom AG
71.217.22.38     71-217-22-38.tukw.qwest.net                   209    71.208.0.0/12    ASN-QWEST - Qwest Communications Company, LLC
77.208.160.65    Failed resolution                             12430  77.208.0.0/14    VODAFONE_ES VODAFONE ESPANA S.A
85.86.48.130     130.85-86-48.dynamic.clientes.euskaltel.es    12338  85.86.0.0/16     EUSKALTEL Euskaltel S.A.
84.125.109.124   84.125.109.124.dyn.user.ono.com               6739   84.125.0.0/17    ONO-AS Cableuropa - ONO
84.123.147.146   84.123.147.146.dyn.user.ono.com               6739   84.123.0.0/16    ONO-AS Cableuropa - ONO
217.68.182.87    217-68-182-87.dynamic.primacom.net            16202  217.68.160.0/19  PRIMACOM-AS Primacom AG


VirusTotal shows 20/43 vendors currently detecting the trojan (the report id in the URL is the sample's SHA-256):

http://www.virustotal.com/file-scan/report.html?id=ca1740a5ba790e4e350ee0998d1cc8bdc5370d09c3f58f56f8055223cf2c0f8d-1312421587
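
The resolution list and the VT link above are the raw material for a blocklist check, so here is an added example of turning them into something scripted. This is illustration code written for this post, not hpHosts tooling; the sample rows are copied from the list above (duplicate Qwest row included), and the "residential" heuristic (reverse names that embed the address, or carry dyn/dip/dynamic-style pool tokens) is my own assumption. It parses the rows, dedupes by IP, classifies each host, counts hosts per AS, pulls the sample hash out of the VT report id, and emits a hosts-file entry for the domain.

```python
import re
from collections import Counter

# Constructed sample: the resolution rows from the alert above, including the
# repeated 71.217.22.38 row exactly as the post lists it.
RESOLUTIONS = """\
80.133.81.28    p5085511C.dip0.t-ipconnect.de    3320 80.128.0.0/11 DTAG Deutsche Telekom AG
71.217.22.38    71-217-22-38.tukw.qwest.net    209 71.208.0.0/12 ASN-QWEST - Qwest Communications Company, LLC
77.208.160.65    Failed resolution    12430 77.208.0.0/14 VODAFONE_ES VODAFONE ESPANA S.A
85.86.48.130    130.85-86-48.dynamic.clientes.euskaltel.es    12338 85.86.0.0/16 EUSKALTEL Euskaltel S.A.
84.125.109.124    84.125.109.124.dyn.user.ono.com    6739 84.125.0.0/17 ONO-AS Cableuropa - ONO
71.217.22.38    71-217-22-38.tukw.qwest.net    209 71.208.0.0/12 ASN-QWEST - Qwest Communications Company, LLC
84.123.147.146    84.123.147.146.dyn.user.ono.com    6739 84.123.0.0/16 ONO-AS Cableuropa - ONO
217.68.182.87    217-68-182-87.dynamic.primacom.net    16202 217.68.160.0/19 PRIMACOM-AS Primacom AG
"""

VT_URL = ("http://www.virustotal.com/file-scan/report.html?id="
          "ca1740a5ba790e4e350ee0998d1cc8bdc5370d09c3f58f56f8055223cf2c0f8d-1312421587")

ROW_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"   # resolved address
    r"(?P<rdns>.+?)\s+"                      # reverse name, or "Failed resolution"
    r"(?P<asn>\d+)\s+"                       # origin ASN
    r"(?P<prefix>\S+/\d{1,2})\s+"            # announced prefix
    r"(?P<asname>.+)$"                       # AS name, may contain spaces
)

# Labels ISPs commonly give dynamic customer pools (heuristic, my assumption).
POOL_TOKENS = re.compile(r"^(dyn|dynamic|dip\d*|dsl|pool|ppp|cable|dhcp)$")


def parse_resolutions(text):
    """Parse whitespace-separated rows into dicts; blank/malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def dedupe_by_ip(rows):
    """Keep the first row seen for each IP."""
    seen, out = set(), []
    for r in rows:
        if r["ip"] not in seen:
            seen.add(r["ip"])
            out.append(r)
    return out


def classify_host(ip, rdns):
    """'residential' if the reverse name looks like a dynamic customer pool,
    'unknown' if there is no reverse name, otherwise 'other'."""
    low = rdns.lower()
    if low == "failed resolution":
        return "unknown"
    octets = ip.split(".")
    # Many ISPs embed the address in the name: dotted, dashed, reversed, or as
    # eight hex digits (DTAG's p5085511C encodes 80.133.81.28).
    embedded = {
        ".".join(octets), "-".join(octets),
        ".".join(reversed(octets)), "-".join(reversed(octets)),
        "".join(f"{int(o):02x}" for o in octets),
    }
    if any(form in low for form in embedded):
        return "residential"
    if any(POOL_TOKENS.match(tok) for tok in re.split(r"[.-]", low)):
        return "residential"
    return "other"


def summarize(text):
    """Dedupe, classify each host, and count hosts per AS name."""
    rows = dedupe_by_ip(parse_resolutions(text))
    by_class = Counter(classify_host(r["ip"], r["rdns"]) for r in rows)
    by_asn = Counter(r["asname"] for r in rows)
    return {"hosts": rows, "by_class": by_class, "by_asn": by_asn}


def sha256_from_vt_url(url):
    """Old-style VT file-scan URLs carry id=<sha256>-<scan timestamp>."""
    m = re.search(r"[?&]id=([0-9a-f]{64})-\d+", url)
    return m.group(1) if m else None


def hosts_file_lines(domain, rows):
    """hpHosts-style blocklist entry, followed by a comment trail of current IPs."""
    lines = [f"127.0.0.1 {domain}"]
    lines += [f"# {r['ip']} {r['rdns']} AS{r['asn']}" for r in rows]
    return lines


if __name__ == "__main__":
    s = summarize(RESOLUTIONS)
    print(f"{len(s['hosts'])} unique IPs, classes: {dict(s['by_class'])}")
    for asname, n in s["by_asn"].most_common():
        print(f"  {n}  {asname}")
    print("sample sha256:", sha256_from_vt_url(VT_URL))
    print("\n".join(hosts_file_lines("mstdpro.com", s["hosts"])))
```

On the rows above this yields 7 unique IPs, 6 classified residential and 1 unknown (the Vodafone address with no reverse name), with ONO the only AS contributing two hosts. Re-running it against a fresh `dig` of the domain and diffing the IP set is a cheap way to watch the pool rotate.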

Special thank you to NotBuyingIt for the heads up.