sudosecure.net

is anything truly secure…

Storm Worm Domain Information update

Posted by jeremy on April 15th, 2008

Looks like two of the recently utilized Storm Worm domain names, "newoneforyou.cn" and "thingforyoutoo.cn", have been placed in a hold status by the Registrar (Xiamen ChinaSource Internet Service Co., Ltd.) and are no longer resolving fast flux IP addresses. Oddly enough, the other six domain names maintained by this registrar are still active. I would have thought that if Xiamen acted on one of the domain names they would have acted on all of them; I guess they need more information regarding these domains before they can make a decision on shutting them down...

Another note of interest: limpodrift.cn, gasperoblue.cn, loveinlive.cn, gribontruck.cn, giftapplys.cn, and biggetonething.cn are all delegating their DNS to orthelike.com name servers. So if the Registrar (BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD.) took action soon, they could potentially strike a large blow to the Storm Worm domain names currently in use, at least until the authors created new name server records.

With all that being said, these new domain names have recently pushed me just over the 100,000 mark for total archived IP addresses indexed by my Storm IP tracking scripts. Note this doesn't mean there are over 100,000 different hosts, as some of these hosts are on DHCP networks, and obviously their IPs could have changed while I was tracking them. The only IPs I am 100% sure are associated with the Storm Worm are the ones you can find in my Storm Worm Binary Tracker and the IPs I have extracted directly from the Storm Worm configuration files with my Storm Worm config file parsing script.
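To illustrate the two points above (domains that share a set of name servers, and counting archived fast flux IPs across resolution snapshots), here is an added example of the kind of analysis a tracking script can do. It is not the author's script; all domains, name servers and addresses are constructed placeholders, and the fast flux heuristic (short TTL plus many distinct A records) is an assumption, not something the post defines.

```python
# Added example, not the post's own tracking script. Groups domains by the
# name servers they delegate to and counts distinct IPs seen across snapshots.
# All DNS data is constructed inline (placeholder .test names, RFC 5737
# documentation addresses) so the example runs offline.
from collections import defaultdict

# Constructed snapshots: (domain, authoritative NS set, TTL seconds, A records)
SNAPSHOTS = [
    ("example-flux-a.test", {"ns1.shared-ns.test", "ns2.shared-ns.test"}, 300,
     ["192.0.2.10", "192.0.2.11", "198.51.100.5"]),
    ("example-flux-b.test", {"ns1.shared-ns.test", "ns2.shared-ns.test"}, 300,
     ["192.0.2.11", "203.0.113.7", "203.0.113.8"]),
    ("example-flux-a.test", {"ns1.shared-ns.test", "ns2.shared-ns.test"}, 300,
     ["192.0.2.10", "203.0.113.9", "203.0.113.10"]),   # later snapshot, IPs rotated
    ("example-static.test", {"ns.other-registrar.test"}, 86400,
     ["198.51.100.200"]),
]

def group_by_nameservers(snapshots):
    """Map each distinct NS set to the domains delegated to it.
    Every domain in one group depends on the same name servers, so a single
    registrar action against those servers would affect all of them."""
    groups = defaultdict(set)
    for domain, ns_set, _ttl, _ips in snapshots:
        groups[frozenset(ns_set)].add(domain)
    return {tuple(sorted(k)): sorted(v) for k, v in groups.items()}

def looks_fast_flux(snapshots, domain, max_ttl=3600, min_ips=5):
    """Assumed heuristic: short TTLs and many distinct A records over time."""
    ttls = [ttl for d, _ns, ttl, _ips in snapshots if d == domain]
    ips = {ip for d, _ns, _ttl, ip_list in snapshots if d == domain for ip in ip_list}
    return bool(ttls) and max(ttls) <= max_ttl and len(ips) >= min_ips

def distinct_ips(snapshots):
    """Unique IPs across all snapshots. As the post notes, this is only an
    upper bound on hosts: DHCP churn can make one host show up as several IPs."""
    return {ip for _d, _ns, _ttl, ip_list in snapshots for ip in ip_list}

if __name__ == "__main__":
    for ns_set, domains in group_by_nameservers(SNAPSHOTS).items():
        print(", ".join(ns_set), "->", ", ".join(domains))
    for name in sorted({s[0] for s in SNAPSHOTS}):
        print(name, "fast flux?" , looks_fast_flux(SNAPSHOTS, name))
    print("distinct archived IPs:", len(distinct_ips(SNAPSHOTS)))
```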
