Sober's Attack May Be Nothing To SweatSober's Attack May Be Nothing To Sweat

"With all the publicity and the police getting involved, maybe we won't see anything because of that pressure," Dunham said.

"We don't think much will happen," added Mikko Hypponen, the chief research officer of Helsinki-based F-Secure, in a statement on the company's blog.

Down the road, there's an outside chance, Dunham said, that the Sober author(s) have been scared off for good. He used Sobig, a 2003 worm, as an example.

"When Sobig.f came out, it made a major impact. Everyone heard about it, there was a bunch of mitigation, it slowed down corporate mail systems. But since then, we haven't seen another Sobig yet.

"Maybe the Sober guys will look for something a little less hot to work on," he said.

Enterprises, Dunham added, should monitor TCP port 37, a little-used port but the one Sober relies on for communications, starting Thursday. "If there's any questionable activity [on port 37], administrators might want to take a close look at it."

For more information about Sober, users can check out the Sober security advisory Microsoft posted Tuesday on its Web site.