There is some nasty Facebook-spread malware going around at the moment. F-Secure states that the malware infects users in the US and UK and affects both Mac and PC users.

According to F-Secure's report (linked above) the malware is downloaded (after the usual series of redirects) from This domain resolves to the address (name servers for the domain itself ( and I'm pleased, but unsurprised, to note that both these IP addresses are already blocked by ThreatSTOP as they are in the RBN feed and have been for at least a month.

It is worth noting that a number of domains also point to this IP address - various subdomains of as well as subdomains of and and the single domain I'm pretty sure that all of them are malware droppers so this is a good illustration that the blocking of the IP address is more efficient than the dropping of the DNS name lookups.
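
To make the comparison concrete, here is an added example (not part of the original post and not ThreatSTOP's code) that groups DNS observations by resolved address and lists the names an IP block covers but a name-based blocklist misses. All names, addresses and both blocklists are constructed, using reserved `.example` names and documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed (name, resolved address) observations, e.g. from resolver logs.
OBSERVATIONS = [
    ("video.dropper-one.example", "203.0.113.10"),
    ("codec.dropper-one.example", "203.0.113.10"),
    ("update.dropper-two.example", "203.0.113.10"),
    ("cdn.dropper-three.example", "203.0.113.10"),   # name not yet on any list
    ("single-dropper.example", "203.0.113.10"),      # name not yet on any list
    ("ns1.dropper-one.example", "198.51.100.7"),
    ("www.benign.example", "192.0.2.80"),
]

# Constructed blocklists: two host addresses versus the names known so far.
IP_BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.7/32")]
DOMAIN_BLOCKLIST = {"dropper-one.example", "dropper-two.example"}


def ip_blocked(addr):
    """True if the address falls inside any blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in IP_BLOCKLIST)


def domain_blocked(name):
    """True if the name or any parent domain is on the name blocklist."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in DOMAIN_BLOCKLIST for i in range(len(labels)))


def compare(observations):
    """For each blocked address: how many names it covers, and which of
    those names the name-based list would have let through."""
    by_ip = defaultdict(set)
    for name, addr in observations:
        by_ip[addr].add(name)
    report = {}
    for addr, names in by_ip.items():
        if ip_blocked(addr):
            missed = sorted(n for n in names if not domain_blocked(n))
            report[addr] = {"names": len(names), "missed_by_dns": missed}
    return report


if __name__ == "__main__":
    for addr, row in compare(OBSERVATIONS).items():
        print(addr, row["names"], "names; missed by name list:", row["missed_by_dns"])
```
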