Group takes Conficker fight to a new level

01.04.2009

With the Conficker Working Group, the going has been tough at times. Originally set up to prevent two earlier variants of Conficker from updating their software, the group has had a setback with the latest Conficker.C code. "There is evidence that there was an update that kind of slipped out," said Andre DiMino, co-founder of The Shadowserver Foundation, a cybercrime group that is part of the Working Group.

While security experts believe there are still a large number of Conficker.A and Conficker.B infections out there, nobody really knows how many of them were able to update. They'll have a better idea of that on Wednesday, however, when Conficker.C clients begin using a new, much more complicated algorithm to look for instructions from a command-and-control server.

Earlier versions of the worm would each check 250 different Web sites each day for instructions. By working with domain name registrars to lock the criminals out from these Internet domains, the Working Group was able to keep Conficker out of the grasp of its creators, for a while at least.

But now, with the new algorithm, that job will become much harder. Instead of hundreds of domains per day, they will have to lock out 50,000. And they will have to work with more than 100 domain registrars in many different countries as Conficker starts looking for updates in many different nooks and crannies of the Internet.

Whether the Conficker Working Group will be able to keep up in this unprecedented game of cat and mouse remains to be seen. But Wesson and DiMino are optimistic.