We created bogus DNS entries for the following entries, known to be
targeted by the worm:
www.sportscheck.de
www.songtext.net
www.songtext.de
www.maiklibis.de
www.gfotxt.net
postertog.de
permail.uni-muenster.de
For what its worth ns{1,2,3,4}.everydns.net will answer for the wormy
domains with 127.0.0.1 to help mitigate phone-home traffic.
I just registered gfotxt.net (some appear to be registered while others are
not) with the proper name servers and it should be visible worldwide along
the normal timeline. Parties with control over the other mentioned domains
or end user resolution are more than welcome to point them our way.
We'll be generating some statistical data on DNS traffic and summarizing for
anyone interested.
-Mike