XenoPhage writes "I'm working on possible mitigation scenarios for a potential Conficker/Downadup outbreak. One of the ideas we have is to "poison" our own DNS caches, effectively redirecting any infected clients to a local server. The thought is that this would help identify infected systems as well as prevent them from receiving updated instructions from command and control. The question is, however, how to do this, as well as what possible side effects will we encounter. Is this method absolutely taboo and should be avoided at all costs, or is this a valid method of detection/mitigation?"