The Sober worm has yet to launch its payload, despite it being several days since the worm was programmed to download unknown programs from a number of websites.
"Theres nothing going on with Sober," at the moment, said Joe Telafici, director of operations at McAfee's Anti-Virus Emergency Response Team (AVERT)
All of the websites that the last version of the Sober worm was programmed to reach out to and download malicious code from have already been disabled, he said. As a result, no malicious files are available for download by either infected systems or anyone else, he said.
Because the worm - which surfaced on 22 November - and its variants have been around for a while, many systems are also likely to have been patched or otherwise protected against the threat, according to Mike Murray, director of vulnerability and exposure research at nCircle.
"From what we are seeing out there, things appear to be very much under control," said Rajat Bhargava, president and CEO of StillSecure. "People feel like they may have dodged the bullet."
At the same time, it would be a mistake to dismiss the Sober threat entirely, he said. "Sober is still out there. Its a sleeper threat," he said. "The fact that it can be remotely executed makes it scary."
The worm also contains an algorithm that every few days generates new URL addresses from which it then attempts to download malicious code, Telafici said. As a result, the worm could start spreading again in future.
The Sober worm and its variants are believed to have been authored by German hackers and have emerged as one of most prolific pieces of malware ever. The worm does not target any specific vulnerability. Rather, it requires users to open a malicious file attachment in e-mails or to click on links that contain malicious attachments.
The last version of the worm was programmed to be reactivated at midnight on 5 January. Like other variants, the latest Sober version comes with its own SMTP engine to spread itself. But the code has been tweaked to send out copies much faster than earlier versions.
Even though the latest version appears to be doing little damage to corporate networks at the moment, there is still an enormous amount of e-mail traffic that is being generated by it, said Andrew Lochart, senior director of marketing at Postini.
In the last 24 hours alone, Postini has blocked over 53 million e-mails containing the latest Sober variant on behalf of its clients, Lochart said. That number is about ten times higher than the next most prolific worm and represents close to 98 percent of all e-mails blocked by Postini, he said. "It really is an astonishingly virulent worm," he said.
Find your next job with techworld jobs