It seems pretty immature that they cannot make a unique address for each infection, right? It would be much easier that way; then no communication would be necessary.
I would imagine having the infection call back to a central server to get keys would be a big weakness, and if the program generated private keys, they would have to be sent back to the center somehow.