How exploit kit evolves from particular site & avast webshield protects us!

Previous malware launched like this: htxp://zulu.zscaler.com/submission/show/44183c8878ef5cd7f875ee1ff0403b63-1335284787
Latest alive variant: htxp://zulu.zscaler.com/submission/show/0ca7c5e072848108815540ae9f9b7a42-1335285089
With accompanying VT report: htxps://www.virustotal.com/file/d9bcd1aaf7cb703c79f94887a0b063626cdc6de281fe84104e3fe923631905c4/analysis/
Avast does not detect yet, but better would be to block /173.44.136.197 through the avast shield, because malware is being spread from there continously,
and indeed the avast webshiled blocks it flagging JS;ScriptSH-inf[Trj]. So we are being protected!
An older example of this: hxtp://zulu.zscaler.com/submission/show/1e5762f9bdd355ff52ad74e502bf955a-1335285475
See why, then see here: htxp://urlquery.net/search.php?q=173.44.136.197&type=string&from=&to=&max=50
Via urlquery we are getting the following alerts: Detected BlackHole exploit kit HTTP GET request & Detected Live BlackHole exploit kit
Some malicious previous detections for this IP through: htxp://malc0de.com/database/index.php?search=173.44.136.197&IP=on

polonus