Yes, I think that your observation is obvious.. publishing lists of infected hosts is a bad idea. My question was asking if there was an unofficial mitigation process to notify the end-use and/or the providers involved for clean-up efforts.
I'm not sure if this is what you are asking for, but SecurityFocus is operating a Code Red notification service: Date: Sun, 5 Aug 2001 10:50:22 -0600 To: bugtraq@securityfocus.com From: aleph1@securityfocus.com Subject: Infection Notification -------- If you'd like to help us notify users they are infected please send offending IP data to aris-report@securityfocus.com. Please use the following format: IP ADDRESS DATE/TIME WITH TIMEZONE Or something similar to this. Please ensure the information is constrained to IP address and date per line as we do our notification automatically and our systems need to be able to understand the data you send us. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum --- Andrew McNamara (System Architect) connect.com.au Pty Ltd Lvl 3, 213 Miller St, North Sydney, NSW 2060, Australia Phone: +61 2 9409 2117, Fax: +61 2 9409 2111