On Mon, Nov 09, 2009 at 06:15:09PM -0500, David Ulevitch <davidu@everydns.net> wrote a message of 18 lines which said:
When the Conficker worm phones home to one of the 50,000 potential domain names it computes each day, there are a lot of IT folks out there that wish their local resolver would simply reject those DNS requests so that infected machines in their network fail to phone home.
That's an extremely bad idea: many of the domains generated by the Conficker algorithm are already registered by a legitimate registrant (in .FR: the national railways, a national TV, etc). Also, the example is not a good choice since Conficker now mostly uses P2P: <http://mtc.sri.com/Conficker/P2P/> for those who like assembly code and awful technical details.