We created bogus DNS entries for the following entries, known to be targeted by the worm: www.sportscheck.de www.songtext.net www.songtext.de www.maiklibis.de www.gfotxt.net postertog.de permail.uni-muenster.de

For what its worth ns{1,2,3,4}.everydns.net will answer for the wormy domains with 127.0.0.1 to help mitigate phone-home traffic. I just registered gfotxt.net (some appear to be registered while others are not) with the proper name servers and it should be visible worldwide along the normal timeline. Parties with control over the other mentioned domains or end user resolution are more than welcome to point them our way. We'll be generating some statistical data on DNS traffic and summarizing for anyone interested. -Mike