The handlers and at least one agent were found at unnamed (in the analysis) Universities.
From this, it might have seemed like this was all occuring at just one site. It involved many sites.
I am not trying to say sites shouldn't do egress filtering. On the contrary, I am just trying to say that they should filter, but they can't stop there and say they have "solved the problem." They have only solved one problem for one class of attacks, and it comes at a price. It also does nothing to prevent that site's systems from being used to host attacking agents, and other tools (like stacheldraht and TFN2K) can get past these same egress filters.