The figures for April show that Masiello was right. But they also show something else. Many of the top-level domains (TLDs) in which the spam images are being hosted are registered in China’s .cn domain. This probably is a result of the McColo crackdown, MessageLabs said
This is also the case for the domains of the fastflux networks, of the domains with malware and the phishing domains.
If you don't need the domain in your environment or you need just a few, you should block .cn and whitelist all the others.
untill they clean it up.
they are no democracy anyway.