Friday, August 29, 2003

Anti-virus experts are downplaying recent claims that there is a second hidden cache of data in the SoBig worm's code that directs infected computers to contact a group of seven mail and name servers owned by an AOL Time Warner Inc. subsidiary.
Officials at BitDefender, a unit of Softwin SRL in Bucharest, Romania, said on Tuesday that they had found a second set of encrypted server addresses in the code of the eminently annoying SoBig.F worm. All of the server names appear to belong to Time Warner Telecom Inc.

"The code is quite straightforward and accurately indicates that the virus asks for information at this address, waits for the answer and then runs the downloaded file on the infected host," said Mihai Chiriac, a virus researcher at BitDefender. "As for the moment, there is no information at any of these addresses; we can't predict the code's effects."

http://www.eweek.com/article2/0,3959,1232316,00.asp
