The blog entry (here) gives some insight into how Downadup works. The botnet -- which by now includes millions of infected machines worldwide -- receives instructions for contacting a specific domain, chosen from a daily list, on specific dates. Thatg domain in turn is used to contact "Conficker cnetral" -- the server from which further instructions and malware are dispatched.
1 min read
Sophos: Downadup May Cause Friday the 13th / Southwest Airlines Problems
The Downadup/Conficker infestation may be about wreak a little more havoc. Security firm Sophos says the botnet is gearing up for a Friday the 13th move, with Southwest Airlines among its possible targets.