11/04/2008

blocking the new MS08-067 worms

•    10Wrj.com

•    zz.ushealthmart.com

They also target mostly .cn domains, so if you don't need Chinese traffic, just block it, or whitelist the few sites and servers in China you have to connect to, if you can name them. Just be aware that in the .cn domain even .gov.cn servers and great commercial sites are hacked and abused on a daily basis. Your trust in the .cn domain should be very low (maybe they are frustrated that they can't leave the .cn virtual prison for the whole free unlimited internet).
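The blocking policy described above, written as a resolver or proxy decision function. This is an added example, not code from the original post; the allowlist entry `partner.example.cn` and the function names are hypothetical, and the sample queries are constructed.

```python
# Added example: block the two listed hosts, default-deny .cn, allow named exceptions.
BLOCKED_DOMAINS = {"10wrj.com", "zz.ushealthmart.com"}  # the two hosts listed in the post
BLOCKED_TLDS = {"cn"}                                   # TLD the post suggests blocking
ALLOWED_HOSTS = {"partner.example.cn"}                  # hypothetical allowlist entry


def normalize(name):
    """Lowercase a DNS name and drop whitespace and the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_same_or_subdomain(name, domain):
    """Match on a label boundary so 'xzz.ushealthmart.com' does not match."""
    return name == domain or name.endswith("." + domain)


def decide(qname):
    """Return (action, reason) for a queried host name."""
    name = normalize(qname)
    if not name:
        return ("block", "empty name")
    # Explicit blocks win over everything, including the allowlist.
    for domain in sorted(BLOCKED_DOMAINS):
        if is_same_or_subdomain(name, domain):
            return ("block", "listed domain " + domain)
    # Allowlist is exact-match only: the post warns that even legitimate
    # .cn sites are abused, so a whole subtree is not trusted.
    if name in ALLOWED_HOSTS:
        return ("allow", "allowlisted host")
    tld = name.rsplit(".", 1)[-1]
    if tld in BLOCKED_TLDS:
        return ("block", "TLD ." + tld)
    return ("allow", "default")


if __name__ == "__main__":
    # Constructed sample queries
    samples = ["WWW.10Wrj.com.", "zz.ushealthmart.com", "ushealthmart.com",
               "10wrj.com.example.org", "partner.example.cn",
               "mail.partner.example.cn", "www.example.gov.cn", "example.com"]
    for q in samples:
        print(q, decide(q))
```
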

They target Chinese .cn domains because most of the machines there won't be patched, since most of them are illegal installations. This calls into question Microsoft's policy of not providing security updates to illegal installations, whose only consequence is that those machines are used to attack the legal installations even harder, which the legal users don't like at all. The insecurity of the weakest is the attacker's strongest point for attacking the better defended. Maybe security policy and licence policy should be separated, at least for security updates, or surely for security updates that are as important as this one.

I doubt Microsoft can prove that this policy has added more licensed users in these countries than it has brought bad press and problems with users in countries where licensing is much more followed.
