18 mostly Nigerian phishers who were active between 2007 and November 2008 were convicted by the court in Bruges, Belgium, and sentenced to 2 to 6 years of imprisonment for sending Nigerian 411 emails with fraudulent stories. One of the people who had received one of their mails contacted the police, after which an investigation began.
As they placed their mobile telephone numbers in these mails, the police could investigate and track their mobile phone calls.
This is a window of opportunity that you should not miss, because once those smart guys (and everybody agrees that the developers and maintainers of Conficker are smart IT programmers) update their client (and they have probably already figured out how to bypass the latest identification that security tools can use), it is game over for another few weeks.
Snort, Nessus, Nmap and lots of other (also commercial) IDS and network monitors will incorporate this new ID.
It is also important that you filter the positive alerts, let a real person look at them, and be sure that that person has the authority to bring that station down and alert a standby technical team or a server that installs cleaning and security services. Having an internal server that can install an antivirus without looking for external updates is a nice-to-have.
Would someone make an easy tool or something to include in proxies and firewalls?