The IP address hosted the LuckySploit toolkit, which looks for multiple vulnerabilities on target machines, including the recently-patched Adobe PDF bug. Once a vulnerability has been found, the toolkit is believed to have delivered the Zeus trojan onto victims' machines.
The quick shutting down of the IP address, in conjunction with the reunion concert, suggests that the attack was designed to harvest the maximum possible amount of traffic.
"They do time their attacks very well. When the hackers find a way to exploit one of these sites and get their code embedded on the page, they will always try and time that for maximum effect," Parker said. "And like a lot of attacks at the moment, it's based on embedding a very small amount of code on the site."
ScanSafe said that McCartney's team appeared to have cleaned up the site sometime after 7:30pm GMT on Monday. Earlier yesterday, Google searches were still listing the site as potentially harmful. By yesterday evening, searches were coming up clean.