In a rather thoughtful move, this server is also logging IPs of the machines communicating with it - i.e. the victims. Agencies can then work with the ISPs so that they can accordingly inform the victims. What this means is to have ISPs actually inform the victim, provide information on the removal of malware and increase security awareness.
This is the correct move. ISPs should not play cop - by removing suspected infected machines from the internet. Rather, they should know how to deal with infected machines and provide them with the tools to deal with threats.
For more on the Coreflood Stops Flooding story visit: http://www.theregister.co.uk/...
For more on Imperva visit www.imperva.com