Patching habits have played a part, too, at least in keeping Downadup from infecting PCs through the bug Microsoft patched last October. "We feel that consumers in North America and western Europe are better educated about remaining patched," said Huger, pointing to the relatively low Downadup infection rates in those regions.
"Worms travel the path of least resistance," he added.
Although some researchers now say that Downadup seems to have peaked -- F-Secure Friday noted that its "growth...has been curbed" -- researchers remained worried about the next step in the attack.
Most malware infects PCs so that hackers can then use the collected machines, dubbed a "botnet," to send spam, attack Web sites or compromise more computers. To do that, the original attack code directs the now-controlled PC, a "bot" in security parlance, to download additional software.
But Downadup has yet to trigger such second-stage downloads.
"Why is it taking so long?" asked Huger. "That's what we're all asking." He couldn't recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.
The people behind Downadup will eventually follow through, Huger's convinced. "They've obviously put a lot of thought into the worm. They've been very methodical," he said.
But he also pointed out that the clock is ticking. "If they don't hurry up and do it, someone else will," he said, explaining that hackers must fend off not only security researchers, but also other criminals, who would like nothing better than to pinch a ready-to-use botnet.
"They're trying to keep the other bad guys at bay, too," Huger said. "So I would guess that they would act soon."