If something is "in flux," it means it is constantly changing. In this case, the bots are using a domain-generation algorithm (DGA) to produce tens of thousands of random domain names, one of which will actually be registered by the botnet operator. Each bot then sends out DNS queries to the random domains until one of them actually resolves to the address of the C&C server.Content Continues Below
Domain fluxing can make it difficult for security researchers and administrators to block instructions from a C&C server and shut a botnet down. Domain fluxing was popularized by Conficker and is also used by Kraken and a rootkit called Torpig.
See also: fast-flux DNS