Although evidence suggests that Nimda worm attacks are on the decrease, antivirus companies are claiming to still be run off their feet combating already infected systems.
According to research carried out by the Co-operative Association for Internet Data Analysis (CAIDA), based at the University of California's Supercomputer Centre, Nimda infections peaked at around 450,000 and are now steadily dropping off.
The data compiled since the worm first hit on 18 September found 160,000 hosts infected. By 5pm the next day, 450,000 unique IP addresses were trying to spread the worm.
But 24 hours later CAIDA said that 50 per cent of infected machines had ceased probing the net. In contrast, it took 11 days for 50 per cent of Code Red infected hosts to stop infiltrating.
CAIDA suggested that the drop in infections could be due to a number of factors.
"Some organisations chose to remove themselves voluntarily to protect their machines. Some ISPs disconnected customers who were found to be spreading the worm, while others blocked traffic to or from port 80," the organisation said.
"Finally, some locations were compromised so severely that the infected hosts saturated their links to the rest of the net, thereby reducing the ability of the infected hosts to spread the worm," CAIDA added.
But Natasha Staley, of Sophos, said that although it seems Nimda has peaked, "we are still receiving a large amount of calls from people who have either been infected or are worried and want some advice."
"The phones are still ringing off the hook and our Support guys were busy all through the night. So, although it's not as busy, it's still very busy indeed," she said.
Sophos further added that just removing the virus is not enough: the holes which allowed it to get in need to be plugged too.
"If your website is infected, this is a blatant advertisement to hackers that your server is weak," said Graham Cluley, senior technology consultant at Sophos.
"Your server is vulnerable not just to Nimda but to a direct attack. Practise Safe Hex, and keep your server security up to date," he said.
Because Nimda attacks multiple vulnerabilities in IIS and uses a number of infection methods, it has been tagged as a new breed of worm.
"This level of sophistication is unheard of," said Alyn Hockey of Baltimore's ThreatLab. He said that previous viruses "have only incorporated one of the usual exploits - either IIS, Mail or File share exploitation."
"But this is designed to bring the internet to meltdown," he added. "It's a DOS-type attack that uses a worm to propagate itself around the internet and intranet."
Graphs depicting the Nimda worm's infection rate can be found here.