Among the key innovations of the Conficker worm (W32.Downadup) was the pseudo-random domain generation algorithm used for the generation of dynamic command and control locations in order to make it nearly impossible for researchers and the industry to take them down. However, once the domain registration algorithm was successfully reverse engineering, it became possible to measure the estimated number of affected hosts by registering several of the upcoming phone back locations. More at; http://blogs.zdnet.com/security/?p=2754