I wonder if they should be looking at the problem from the domain registrar software side - who is registering nonsensical domains (that can be conficker'd up).
Also, based on the list of 23 auto-killed processes, an easy way to see if a machine is conficker'd is to see if filemon or wireshark fail to execute.
After looking at this, I can't help but be curious as to what DGA_random_function() & conficker_D_PRNG_function() actually do. If they're not truly random then it seems like there'd be a way to determine which domains would get hit first. How random can the average Windows PC get?