A new Conficker.C variant is set to hit desktops on 1 April, according to software firm CA.
The third Conficker malware variant in infected machines is set to activate on that date, said the director of threat research at CA where the malware sample is being examined.
"It's set to go off April 1, 2009 and Conficker will generate 50,000 URLs daily," says Don DeBolt, CA's director of threat research.
Generating that many URLs is a way to hide where it may be calling to download instructions from those who designed it to infected machines. It's not known exactly what those instructions might be but it could involve downloading more malicious code or destroying files.
CA says it has some ideas about where Conflicker originated but is not discussing that at present.
Follow highlights from ComputerworldUK on Twitter