Following a partial activation of Windows machines that are infected with variant C, researchers claimed that early versions of Conficker called home to 250 different domain names every day to check for updates.
Since Wednesday however, machines infected by the current variant began using a sample of 500 out of pre-programmed 50,000 domains a day to look for updates. This has allowed anti-virus firms to come up with an estimate of how many machines are infected by the C variant, with an estimate made of 3.5 million.
Estimates at the beginning of the year claimed that as many as nine million computers had been infected. Patrik Runald, chief security advisor at F-Secure, claimed that it was programmed to start generating a list of websites on April 1st in an attempt to download updates to itself, which it did as intended.
However as the authors did not publish an update on any of the websites Conficker tried to contact, there was no major activity.
Runald said: "What really happened was that the Conficker Working Group was able to prevent them from registering any of the domains used by the worm. Never before have we seen such a global cooperation within the industry and we're proud to be a member of that group. Also, it would've been pretty stupid for the people behind Conficker to do something on the day everyone expected them to."