Downloader payload still on the internet.
I was just looking at some older viruses and came across Trojan-Downloader.Win32.Tiny.bn and had a look through it and found a url encoded in it http://xxxxxxxxxx.biz/dnlsvc.exe. I just put it in wget to see if it was still there and to my surprise it was. Although its not a new virus it wasn't in the database yet.
-------- update --------
Still looking at one of the sister site (the url is the payload executable) I was getting offered a nice file to download cyber.wmf I never revues such a freebie according to Clam this is Exploit.WMF.A. Unfortunately I'm not able to submit it because its not a PE or dll.
Whois and other records concerning the sites point back to the infamous "James Wuster" apperanlty he is in need off extra zombies to do his spamming.