Prevention
"It will shut itself down if debugging software is found on infected machines, ..."
Does the debugging software have to be running, or just be installed? Can you recommend any debugging software to install or run?
Malware authors are consulting IP blacklists designed to help fight spam in a bid to avoid detection and increase inbox hit rates. The novel abuse allows malware authors to determine if they have infected clean and benign machines. "This malware is interesting because it contains a hardcoded list of commonly known blacklist …
I'm surprised this isn't already on the standard to-do list, along with using lists generously compiled by sslsonar, 'researchscan' (various .edu), Shodan etc. and cloud computing setups (most, it seems) that permit massive volumes of direct SMTP probes to be done.
As an aside, over the last 6 weeks or so there's been a significant increase in botnets 'having a go' - in identifiable groupings - as you can tell by what they use for their 'helo/ehlo', and whether or not they use 'quit' or try an 'auth login' regardless of whether they even get a connection, never mind the spamcheck bog-off message, and several other distinguishing features.
Yes, the increase in dubious connections as usual correlates with the return of academia, obviously purely coincidental...
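The grouping described in the comment above (HELO/EHLO string, whether QUIT is sent, whether AUTH LOGIN is tried after a rejection) can be sketched as detection logic. This is an added example, not part of the original thread; the log format, host names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log, not from the page: "<session> <client-ip> <C|S> <SMTP line>"
SAMPLE_LOG = """\
s1 192.0.2.10 S 554 rejected by spamcheck
s1 192.0.2.10 C EHLO host-a.invalid
s1 192.0.2.10 C AUTH LOGIN
s2 198.51.100.7 S 554 rejected by spamcheck
s2 198.51.100.7 C EHLO host-a.invalid
s2 198.51.100.7 C AUTH LOGIN
s3 203.0.113.5 S 220 mx.example.test ESMTP
s3 203.0.113.5 C EHLO mail.example.org
s3 203.0.113.5 C QUIT
s4 192.0.2.44 S 554 rejected by spamcheck
s4 192.0.2.44 C HELO user
s4 192.0.2.44 C QUIT
s5 198.51.100.99 S 554 rejected by spamcheck
s5 198.51.100.99 C EHLO host-a.invalid
s5 198.51.100.99 C AUTH LOGIN
"""

def parse_sessions(log_text):
    """Reduce each session to the behavioural features the comment lists."""
    sessions = {}
    for raw in log_text.splitlines():
        parts = raw.split(None, 3)
        if len(parts) < 4 or parts[2] not in ("C", "S"):
            continue  # skip malformed lines
        sid, ip, direction, text = parts
        s = sessions.setdefault(sid, {"ip": ip, "greeting": None, "helo": None,
                                      "quit": False, "auth_after_reject": False})
        words = text.split()
        verb = words[0].upper()
        if direction == "S":
            if s["greeting"] is None and verb[:3].isdigit():
                s["greeting"] = int(verb[:3])  # first server reply is the greeting
        elif verb in ("HELO", "EHLO"):
            s["helo"] = (verb, words[1].lower() if len(words) > 1 else "")
        elif verb == "QUIT":
            s["quit"] = True
        elif [w.upper() for w in words[:2]] == ["AUTH", "LOGIN"]:
            if (s["greeting"] or 0) >= 400:  # client ignored the rejection
                s["auth_after_reject"] = True
    return sessions

def group_by_fingerprint(sessions, min_ips=2):
    """Return fingerprints shared by at least min_ips distinct source addresses."""
    groups = defaultdict(set)
    for s in sessions.values():
        groups[(s["helo"], s["quit"], s["auth_after_reject"])].add(s["ip"])
    return {fp: sorted(ips) for fp, ips in groups.items() if len(ips) >= min_ips}
```

A fingerprint seen from several unrelated addresses is a candidate grouping to review; a single well-behaved client never reaches the `min_ips` threshold.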