The Conficker worm, which checks 250 different domains each day for an
update, could become a lot harder to stop, if those responsible for the
malicious program can get their latest code to infected computers.
The software module, discovered on Friday and initially dubbed Downadup.C
and Conficker.C, causes Conficker-infected computers to search — not
250 — but 50,000 different domains each day for updates. Last month,
Microsoft teamed up
with security firms and domain registrars to block the 250 new domains
that the worms each day. The group, called the Conficker Cabal, will be
hard pressed to block infected PCs attempts to update from 50,000
different domains.
http://www.securityfocus.com/brief/923