But what if the server gets taken down, as happened to McColo?
One trick is to arrange for the malware to look to a different domain if it is unable to contact its controller for a certain period.
If those backup domain names were hardcoded, it would be all too easy to block them, or have them taken down before any harm could be done.
So a bright spark came up with the idea of algorithmically-generated domain names. The domains could be registered just in time, and security specialists would be kept on the hop.
You could even arrange for the malware to 'phone home' to a different domain each day. And that's what Conficker does.
Well, the theory is that this would present a challenge to the anti-malware forces.
In practice, security researchers are able to analyse this function as easily as any other. And a coalition of ISPs and other players has been registering the domains Conficker will try to use before the worm's backers can get hold of them.
But Sophos has determined that a small number of the 7750 domain names that Conficker will try to use during March correspond to real and active web sites.
That's the problem with generating semi-random strings: every now and then you'll get a real word, a set of initials, or a made-up name.
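The defensive check described above, pre-computing the month's names and comparing them with domains that are really in use, can be sketched as follows. This is an added example, not code from Sophos or from the article: `toy_domains` is a hypothetical stand-in generator (not Conficker's algorithm), and the TLD list, the year and the inventory are constructed; only the figure of 250 names a day (7750 over the 31 days of March) comes from the text.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")  # constructed list, an assumption
PER_DAY = 250  # 7750 names spread over the 31 days of March


def toy_domains(day, count=PER_DAY):
    """Hypothetical stand-in generator: deterministic per date, NOT the worm's algorithm."""
    names = []
    for i in range(count):
        h = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 5 + h[0] % 4  # short labels of 5 to 8 letters
        label = "".join(chr(ord("a") + b % 26) for b in h[1:1 + length])
        names.append(f"{label}.{TLDS[h[31] % len(TLDS)]}")
    return names


def month_schedule(year, month):
    """Map every day of the month to the names that would be tried on that day."""
    day, schedule = date(year, month, 1), {}
    while day.month == month:
        schedule[day] = toy_domains(day)
        day += timedelta(days=1)
    return schedule


def collisions(schedule, in_use):
    """Return {date: [domains]} for in-use domains that appear in the schedule."""
    wanted = {d.lower().rstrip(".") for d in in_use}  # normalise case and trailing dot
    hits = {}
    for day, names in schedule.items():
        found = sorted(wanted.intersection(names))
        if found:
            hits[day] = found
    return hits


if __name__ == "__main__":
    schedule = month_schedule(2009, 3)  # year is an assumption
    # Constructed inventory: one name borrowed from the toy schedule so the
    # check has something to find, plus one that can never be generated.
    inventory = [toy_domains(date(2009, 3, 8))[0], "shop.example"]
    for day, names in collisions(schedule, inventory).items():
        print(day.isoformat(), "exposed:", ", ".join(names))
```

The per-date result is what lets an operator plan a one-day mitigation for exactly the day a name comes up.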
On March 8, Conficker will try to access wnsux.com. WN is the IATA code for Southwest Airlines. The airline presumably acquired the domain to prevent its use by someone with a grudge against the company ("WN Sucks").
That could potentially cause an effective - if accidental - distributed denial of service (DDoS) attack.
It should be easy for Southwest to turn wnsux.com into a black hole for one day. But that's not really an option for other organisations who actively use domain names that Conficker's about to collide with.
They include Discover Media Group's jogli.com, and a dog breeder's site at tnddb.com.
As Sophos points out, filtering out Conficker traffic before it reaches the servers is not an especially simple task, and will require a proxy with sufficient speed and bandwidth to cope with the load. It also requires that the site doesn't already use search URLs that are similar to Conficker's.
All this is just another sign - as if we needed reminding - that the people behind malware just don't care about the effect they have on the rest of us.