Agreed but it looks like initial exploit is from a bad website or ad within a legit site. That then runs the code (based on browser and as the developer is on apple safari was tested hard) I see how the scan of local IP works based on the seeing what responds time wise. I assume this attack is primerly looking for ways into the host machine, do you think it could be used to attack anything on the local subnet?