I understand that the IP addresses might have a history, and of course it's possible that it takes a while to fix that (after all, we are all still just humans and things just take time to be done properly). Indeed the network appears to be on completely different IPs now, which is logical, seeing as leafs occasionally get replaced with other leafs due to the "fluid" nature of Anonymous. My response was not so much aimed towards the malware entry itself, but rather towards the implication that Anonymous == criminals, which is completely incorrect, and to be honest quite offensive (being involved with it myself). Especially someone involved with malware detection and security should know better than to generalize Anonymous into a group of "cybercriminals", in my opinion.