http://cw.com.hk/news/microsoft-new-pcs-preinstalled-malware-found-china?pag e=0,0 The interesting bit, IMHO, is in the second page where they make reference to a software by Nominum: Since the domain also hosts legitimate websites, Microsoft is using DNS (Domain Name System) software from Nominum that will allow legitimate traffic to subdomains of 3322.org but halt traffic to the 70,000 hosted websites that are harmful, a process known as "sinkholing." It seems to me that it is important that we use tools that can discriminate between the malicious sub-domains of a domain. We often have debates about collateral damages in hunting criminal behavior, maybe this is a step in the right direction. Cheers, Roberto