April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. The worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm.

"Technically, we will see a new capability, but it complements a capability that already exists," Porras said. Conficker is currently using peer-to-peer file sharing to download updates, he added.

The worm, which has been spreading since October of last year, uses a special algorithm to determine what Internet domains it will use to download instructions.

Security researchers had tried to clamp down on Conficker by blocking criminals from accessing the 250 Internet domains that Conficker was using each day to look for instructions, but starting April 1, the algorithm will generate 50,000 random domains per day -- far too many for researchers to connect with.

Gradually, the Conficker network will get updated, but this will take time, and nothing dramatic is expected to happen on April 1, according to Porras, Howard, and researchers at and