12/08/2008

Virus redirecting DNS to a pool of servers in Ukraine

They are back with a new and more powerful version:

* it works on Mac as well as on PC

* it also works with DHCP

* it makes more changes to the machine

The two DNS servers now being used are based in Ukraine:

85.255.112.36 / 85.255.112.41


% Information related to '85.255.112.0 - 85.255.127.255'

inetnum: 85.255.112.0 - 85.255.127.255
netname: UkrTeleGroup
descr: UkrTeleGroup Ltd.
admin-c: UA481-RIPE
tech-c: UA481-RIPE
country: UA
org: ORG-UL25-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: UKRTELE-MNT
mnt-routes: UKRTELE-MNT
mnt-domains: UKRTELE-MNT
source: RIPE # Filtered

(source: RIPE whois record)

In June 2008 the following servers were being used. DNS and DHCP settings are changed to point to these IPs (they can vary between variants):

  • 85.255.115.117
  • 85.255.112.204
  • 85.255.113.74
  • 85.255.112.36


Comment: if you do not have an internal relay DNS that every machine has to use for DNS lookups (and which you forward to your ISP's DNS), then it is time to set one up if your network is of any size. Once all legitimate lookups go through the relay, any other DNS traffic leaving the network is suspect, and you will see the infected PCs trying to reach these servers directly. Disconnect, clean and check.

The Internet Storm Center says it is probably wise to at least monitor traffic to 85.255.112.0 – 85.255.127.255, if not block it.
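As an added example (not part of the original post), here is the check the two paragraphs above describe, in Python: parse outbound firewall log lines and flag internal hosts that either contact the 85.255.112.0 – 85.255.127.255 block from the RIPE record (a single /20) or send DNS to any resolver other than the internal relay. The log format, the relay address 192.168.1.1, the LAN range 192.168.0.0/16 and the sample lines are all constructed for illustration and are assumptions, not data from the post.

```python
import ipaddress
import re
from collections import defaultdict

# 85.255.112.0 - 85.255.127.255 from the RIPE record = one /20.
SUSPECT_RANGE = ipaddress.ip_network("85.255.112.0/20")
# Assumed: the internal relay resolver every client must use, and the LAN range.
INTERNAL_RELAY = ipaddress.ip_address("192.168.1.1")
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")

# Constructed iptables-style log lines (assumed format), not real captures.
# 192.0.2.53 is a documentation address standing in for "some other external resolver".
SAMPLE_LOG = """\
Dec  8 15:42:01 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=85.255.112.36 PROTO=UDP SPT=1034 DPT=53
Dec  8 15:42:02 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=85.255.112.41 PROTO=UDP SPT=1035 DPT=53
Dec  8 15:42:05 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=UDP SPT=51234 DPT=53
Dec  8 15:42:07 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=192.0.2.53 PROTO=UDP SPT=1200 DPT=53
Dec  8 15:42:09 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=85.255.115.117 PROTO=TCP SPT=1036 DPT=80
Dec  8 15:42:11 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.90 DST=85.255.112.204 PROTO=UDP SPT=1101 DPT=53
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Pull source, destination, protocol and destination port out of one log line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        return {
            "src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "proto": m["proto"],
            "dpt": int(m["dpt"]),
        }
    except ValueError:
        return None


def classify(entry):
    """Return why an outbound connection is suspicious, or None if it looks benign."""
    if entry["src"] not in INTERNAL_NET:
        return None
    if entry["dst"] in SUSPECT_RANGE:
        # Any contact with the UkrTeleGroup block, on any port, is worth a look.
        return "suspect_range"
    if entry["dpt"] == 53 and entry["dst"] != INTERNAL_RELAY:
        # DNS that bypasses the internal relay: a changed resolver setting.
        return "dns_bypass"
    return None


def find_infected(log_text):
    """Map each suspicious internal host to the (reason, destination) pairs seen."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            hits[str(entry["src"])].add((reason, str(entry["dst"])))
    return dict(hits)


if __name__ == "__main__":
    for host, findings in sorted(find_infected(SAMPLE_LOG).items()):
        print(host)
        for reason, dst in sorted(findings):
            print(f"  {reason:14s} -> {dst}")
```

Machines tagged `suspect_range` are the ones to pull off the network first; `dns_bypass` hosts have a resolver set that is not your relay, which on this malware is the same symptom even if the destination is a range you have not seen before. Feed it your firewall's real log format by adjusting `LINE_RE`.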

And personally I think maybe even ISPs should do it.
