Just a guess (stab in the dark...) but try using a different DNS server addresses?

I use 208.67.222.222 and 208.67.220.220 (opendns.com for more information).

Really...? So you don't have access to Start > Control Panel > Network Connections? To change your network adapter settings from "Automatic" (or whatever Comcast has set them to for you, If present).

Or have they somehow disabled your access to this area...? If so, how?

I suspect there's a bit of confusion here. I seriously doubt that an ISP would restrict which DNS server a customer may use. I suspect that Chaos is for some reason referring to the customer's source IP address ... which of course can't be changed without causing routing problems.

That could be....after reading the other thread, referring to not being able to access spamhaus and completewhois - these two sites in particular must block Comcast due to the huge number of infectious machines on their network...

In that case, the only way to resolve it would be to use a proxy such as anonymouse, proxy.org or any other number of proxies around the net..

Then again, one could bi*ch and complain to their ISP, complaining that sites (spamhaus and completewhois as read above) are restricting their access due to the huge amount of infectious computers within their IP space...

Threaten to switch ISPs, etc....maybe they will give you a free month, find you another IP block that is clean(er), or whatever.

One can only wish

Re the inability of Comcast users to access two hosts -
my dictum states that one should never attribute to human malice that which may be readily explained by computer malfunction.

Probably an error in a routing table.

Just got an email from RU-CENTER, that they disabled the domains:

"Dear Sirs,

The domains:

HAPPYCARDS2008.COM
NEWYEARWITHLOVE.COM
UHAVEPOSTCARD.COM
MERRYCHRISTMASDUDE.COM

are put on hold,

--
Best Regards,"

I checked all known domains, even one which is not listed in their reply and they show "NOT-DELEGATED" and seems like they dont't work anymore.
And it only took like 16 days!!!
Let's be happy folks - and prepare for the new domains which will be registered soon...

(full: http://www.huweb.hu/maques/mblog/?p=71)

Thanks, maques, for you help with this!

Actually, it may just be their email reply that took so long; the whois records show that the last updates on these domains were Dec 28, Jan 04, and Jan 06.

Very few of the storm distribution IPs are left operating. As each infected machine is rebooted, it will not be able to establish connections with the Storm network. There is a possibility that the simultaneous removal of all the resolving names will result in Storm losing track of a large portion of the existing network. The machines will be infected, but permanently orphaned.

This has been a major breakthrough. Previously, as one domain name was removed, another has already been in place to take over, and the code has been refreshed to use the replacement without losing bots. This time there could be a major impact.

The next few days will tell.

pwillener: I see "Last updated on 2008.01.10 16:21:26 MSK/MSD" now, and yesterday I saw 2008.01.09 on all domains.

tembow: don't worry, there will be new domains.
However, I got this today from RU-CENTER:

----- Original Message -----
From: "RU-CENTER NCC" <tld-ncc [A] nic.ru>
Sent: Thursday, January 10, 2008 11:51 AM
Subject: [ru-center #1781157] Re: open letter to RU-CENTER


> Dear Sirs,
>
> The domains are put on hold, thank you for your report.
> New alike registrations are monitored.
>
> --
> Best Regards,
>
> Julia A. Lotkova
> Regional Network Information Center (RU-CENTER)
> Phone: +7 495 737-0601
> fax: +7 495 737-0602
> http://www.nic.ru

so let's hope that at least the domains won't be registered here [which could be either good or bad...]

Bad news -- they didn't remove the glue records from the nameservers. They are now fast flux and apparently performing the function the regular domains did before.

Good news -- looks like they caught it -- the glue records are gone now.

I am given to believe that Storm has an initial bootstrap list of IPs to use to establish contact with peers on the network. The domain name lookup to a zero-duration fast-flux host name would be the fall-back if that fails, or else the bootstrap peers may simply feed back to a joining bot a few domain names to use to locate further peers.

A more effective storm botnet removal would involve simultaneously removing all bootstrap IPs and all zero-flux hosts.