I’ve never thought malware writers also creates redundant systems for business continuity. A couple of days after a Wikipedia entry was found to contains links to TROJ_SMALL.DMR, another site was found – http://h(blocked)v.webhostingoutsourcing.com/ – that contains the exact content, text, links and all, from the malicious Wikipedia entry.

Which entry was posted first doesn’t matter much, what is alarming is the fact that malware writers are using multiple instances of a vector in order to create a more stable infection platform. Indeed, industry best practices can be used by security professionals, to malware writers alike.