Today, after conducting additional research on Trojan.Milicenso, researchers determined that the threat is propagated by a compromised
Research shows that the attack dated back to at least 2010, and the attacker(s) used different domain names to prevent them from being blocked or blacklisted. According to Symantec, “In 2010 and 2011, the gang moved to a new domain every few months. But in 2012, they changed domains almost every day."
Link to Original Source