[nsp-sec] Relayed from a contact at Kaspersky - proactive efforts against Net-Worm.Win32.Kido (alias: Downadup, Conflicker, Conficker)

Chris Calvert Chris.Calvert at telus.com
Wed Jan 28 18:35:20 EST 2009


Hello NSP-SEC

Vitaly Kamluk, a contact at Kaspersky, is looking for contacts to discuss the following idea:

" From my point of view the most efficient and ethical method would be to
block the domains generated by the bots and make the C&C become
unavailable for the bots for a long time. If that is possible it has to
be done sooner than the botnet master updates the bot and changes its
behavior to something unpredictable.

 We have collected the domain list that the bot will use for the next
365 days. It consists of ~78 000 unique 2nd level domain names. 

 The only problem is that I don't have direct connection to people
responsible for the root DNS servers. That is why I am writing to you in
hope that someone may help me find this connection. "

Essentially, Vitaly is looking for contacts at registrars for the following TLDs to proactively block/hold the domains that they have collected.

.biz
.cc
.cn
.com
.info
.net
.org
.ws

If anyone is interested in discussing further, please contact me off-list and I'll get you in touch with him.

Regards,

Chris Calvert
TELUS/AS852


