Speaking of which...
I was just accosted by a popup that insisted I click a box to confirm my membership! I tried reloading the page, but was kicked off TR, and had to navigate back to this article from a Bing search! Maybe TR is the new watering hole for malware writers? Good thing I have EMET configured!
Anyway - I just wanted to add that lately it has become very difficult to acquire zero day exploits from the usual resources. When fellow honeypot testers started getting no bites from the usual web sites, they had to change tactics, because the old way of doing it resulted in dead links or failed to extract truly zero day bugs.
Now the best source is to get a junk email account and simply open as many spam attachments as you can, to throw at the VM environment for testing. This has just been in the last two months - so Michael, your Cisco guys are right - the threatscape is constantly changing - and trying to keep up with it is like bobbing around in a storm on a peace of wooden flotsam from the last shipwreck I was on!
I couldn't agree more with their assessment.
