The Worm That Ate the Web
The latest version of Conficker isn't the first bot to plague the Internet, but it may be the smartest and most sophisticated. And it starts phoning home Wednesday.
Conficker's most sophisticated routine is what researchers call its "rendezvous" mechanism, the way it reaches back to its creators for further instructions. Every few hours, the worm generates a list of hundreds of new Web domain names; the domain names are nonsensical strings of characters seeded by the current date and time, meaning that they're constantly shifting but can be reproduced by the worm's controllers. In theory, this is how Conficker's authors will tell it what to do next. They'll register one of the domain names, put up a program for Conficker to run, and, boom—millions of machines around the world will be acting in sync.
But you might spot a couple of obvious flaws in this rendezvous mechanism. First, if Conficker is calling up domain names, can't anyone—especially other bad guys—monitor which sites it's connecting to and then upload their own software for Conficker's infected machines to run? Conficker's authors worried about that, too, and cooked up a brilliant counter-mechanism. The worm uses one of the world's most advanced cryptographic algorithms to check all files it downloads from one of those domains; if it doesn't find a digital fingerprint from its authors, Conficker won't run the program.
The second flaw: Can't the Internet's authorities just make sure that no one registers the domain names that Conficker is checking, thereby preventing anyone from sending the worm its marching orders? Indeed, they can. In February, the worldwide team of computer security groups who've been fighting Conficker—the self-dubbed Conficker Cabal—announced that they'd worked out a way to determine the pre-generated list of domains that Conficker would connect to. Eventually the cabal got registrars around the world to prevent people from registering those sites.
But that's when researchers spotted the newest Conficker variant, which includes a much-improved updating plan. Instead of generating a list of hundreds of domains, Conficker C creates a new list of 50,000 Web sites to contact every day. Although the Conficker Cabal is trying to prevent registrations on all these domains, registrars around the world will have a much more difficult time monitoring this huge, shifting number of sites. But that's not all: The latest version of Conficker has a completely new way to coordinate the botnet's operations. Rather than contacting domain names, infected machines can band together in a massive peer-to-peer network. This way, each machine can efficiently pass files to its peers in something like the way your high-school orchestra used a phone tree to pass along next week's rehearsal change (or, to get more technical, in the same way people trade movies online via BitTorrent). We've seen peer-to-peer botnets before; in 2007, one of them, the Storm Worm, brought down several anti-spam Web sites. A peer-to-peer-enabled botnet as sophisticated as Conficker would be very difficult to thwart; if it worked well enough, it could well be impossible to shut down.
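The defence the Cabal relied on rests on one property of the rendezvous mechanism: because the domain list is a deterministic function of the date, anyone who has recovered the generation routine can enumerate tomorrow's domains today. The following is an added example, not code from the article and not Conficker's actual algorithm: it uses a constructed stand-in generator (`toy_dga`, seeded with an assumed constant) to show both halves of the defender's job, pre-computing the list to hand to registrars and matching resolver logs against it to find infected hosts. The log lines and IP addresses are constructed for the example.

```python
import hashlib
from datetime import date, timedelta

# Constructed toy DGA for illustration. It is NOT Conficker's real algorithm;
# only the structure (deterministic domains derived from the date) is the point.
TLDS = ("com", "net", "org")
TOY_SEED = b"toy-seed"   # assumed constant standing in for whatever the worm bakes in


def toy_dga(day, count=5, seed=TOY_SEED):
    """Return `count` pseudo-random domain names for `day`.

    The list is a pure function of (seed, date, index), so anyone holding the
    seed, whether the worm's controllers or researchers who pulled it out of
    the binary, can reproduce exactly the same list in advance.
    """
    domains = []
    for i in range(count):
        material = seed + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:8])
        domains.append(f"{label}.{TLDS[digest[8] % len(TLDS)]}")
    return domains


def precompute_blocklist(start, days, per_day=5):
    """Enumerate every domain the toy DGA will produce over `days` days from
    `start`, mapped to the date it goes live. This is the defender-side step:
    the list can be given to registrars before the worm ever asks for it."""
    blocklist = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for domain in toy_dga(day, per_day):
            blocklist[domain] = day
    return blocklist


def parse_dns_log_line(line):
    """Parse a constructed resolver log line of the form
    '<timestamp> <client-ip> query <qtype> <qname>' into its fields."""
    ts, client, _, qtype, qname = line.split()
    return ts, client, qtype, qname.lower().rstrip(".")


def flag_dga_queries(lines, blocklist):
    """Return (client, qname, date) for every query whose name is on the
    pre-computed list. A host resolving these names is attempting the
    rendezvous and is worth isolating, whether or not the lookup succeeded."""
    hits = []
    for line in lines:
        _, client, _, qname = parse_dns_log_line(line)
        if qname in blocklist:
            hits.append((client, qname, blocklist[qname]))
    return hits


# Constructed sample resolver log: one infected host (10.0.0.12) querying a
# generated name for 2009-04-01, two benign hosts querying ordinary names.
INFECTED_QUERY = toy_dga(date(2009, 4, 1))[0]
SAMPLE_DNS_LOG = [
    "2009-04-01T03:12:07Z 10.0.0.7 query A www.example.com",
    f"2009-04-01T03:12:09Z 10.0.0.12 query A {INFECTED_QUERY}",
    "2009-04-01T03:12:11Z 10.0.0.9 query AAAA mail.example.org",
]


def demo():
    # 7 days x 5 names is trivial; raising per_day to 50,000 turns the same
    # loop into the registrar workload the Cabal faced with Conficker C.
    blocklist = precompute_blocklist(date(2009, 4, 1), days=7)
    return flag_dga_queries(SAMPLE_DNS_LOG, blocklist)


if __name__ == "__main__":
    for client, qname, day in demo():
        print(f"{client} looked up {qname} (generated domain for {day})")
```

Running the script flags only 10.0.0.12. The matching is done on the query itself rather than on the answer, which is what makes the approach useful even after registrars have blocked the names: a blocked domain returns no address, but the infected host still asks for it.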
Who created Conficker? Like much else about the worm, it's completely unknown. Initial speculation settled on Eastern Europeans. The first version of Conficker included code designed to keep Ukraine free of the worm. (If it detected a Ukrainian keyboard, it shut down.) But successive versions have been free of that code. On Sunday, BKIS, a Vietnamese computer security firm, announced that it had found clues in the worm suggesting it was created in China. In February, Microsoft put up a $250,000 reward for any information leading to the arrest and conviction of people responsible for creating Conficker.