RE: - what happens when there is no DNS record

Our assessment of worm's behavior is below:

If fails to resolve, it will return a -1, which is not
interpreted because this routine has no error checking. The worm then
attempts to send its SYN packets to, which may have done
some interesting things, but it looks like the Windows raw socket
implementation won't let that packet out. So basically, nothing

There might be some issues with cached DNS, but besides that it looks
like the majority of the infections won't be doing much of anything
besides eating CPU cycles on the infected hosts.