"These guys have no designs, I think, on taking down the infrastructure, because that would separate them from their victims," said Paul Ferguson, a threat researcher at antivirus vendor Trend Micro, calling the technology and design of Conficker.c as "pretty much state of the art."

"They want to keep the infrastructure up and in place to make it much harder for good guys to counter and mitigate what they've orchestrated," he said.

Conficker.c was programmed to establish a link from infected host computers with command-and-control servers at midnight GMT on April 1. To reach these control servers, Conficker.c generates a list of 50,000 domain names and then selects 500 domain names to contact. That process has started, researchers said.

Exactly how many computers are infected with Conficker.c is not yet known, but the estimated number of systems infected by all variants of the Conficker worm exceeds 10 million, making this one of the largest botnets ever seen.

While infected computers have started reaching out to command servers as expected, nothing untoward has happened.