Conficker

Others about Downadup / Conficker / Waledac connections

Trend Micro mentioning a possible connection between Conficker and Waledac:

DOWNAD/Conficker Watch: New Variant in The Mix?

Quote:

Another interesting thing we also noticed was that the Downad/Conficker box was trying to access a known Waledac domain (goodnewsdigital(dot)com) and download yet another encrypted file.

Another one from the same article:

Going for the Microsoft reward

From the press release:

Asprox domain Jan 26 and some more Downadup/Conficker

The Asprox domain:
debug-script40.biz. (Found on URIBL.COM).
Not serving the usual JavaScript files at the moment.
(There are probably more of them)

Some expected Downadup/Conficker domains show up on the Asprox botnet:
fmhxqutvccr.org, fmkopswuzhj.biz, fuougcdv.org, fvwugekf.info, fwkbt.info, gbxpxugx.org, ghtileh.biz, gnyluuxneo.com.
And quite possibly several others.

An image illustrates one common IP:

fnygfr.com - Asprox? Downadup/Conficker?

Only a small detail today, I don't know if this is significant at all.

I had a quick look for new domains on the Asprox botnet today.
Only one showed up: fnygfr.com. (A bit later fmhxqutvccr.org and gbrpn.org showed up:)
A bit different than the "naming pattern" of the Asprox domains.

Then I found both domains in this long list from F-Secure:
http://www.f-secure.com/weblog/archives/downadup_domain_blocklist_17_31.txt
