Hi Steven Winderlich,
Agree with you that site and IP should be blocked by avast, just like it is on DrWeb;s malicious sitelist.
Regularly new versions of this malware is being launched and the one you pointed out still goes under the avast! detection radar.
See: https://www.virustotal.com/nl/file/634ac0465a6c374ca9ff5bd484098e7ed4be693ead1f1ace3a4dcd88e6ed9772/analysis/
Analysis: http://anubis.iseclab.org/?action=result&task_id=145057ee4ad52e72401a334d866ee91b2&format=html
There is still room for this to be a false positive, as rooting apps use non standard procedures that can be considered by some antivirus apps as dangerous.
pol