Comment by lurkshark

If I’m remembering correctly, Conficker was the first major use of this technique. They used a relatively small domain pool (250) so the registries were able to lock them up preemptively.

I remember a couple legitimate sites getting slammed by accidental DDOS because the algorithm happened to generate their domain, but having a hard time finding a reference to that.

https://en.m.wikipedia.org/wiki/Conficker