Comment Re:Maybe I'm off base here but (Score 1) 175
One problems is that many of the domains appear to point towards servers running virtual hosts and hosting legitimate sites on the same IP address. We've been looking at data on our network and tracking down these infections based on IP address brings a lot of false positives. You really do need either proxy logs, or logs of DNS queries to find out the domain that's being contacted.