Kama Sutra worm: How was it for you?

The Kama Sutra worm's anticipated bombshell ended up fizzling out but experts are still divided on whether the brouhaha over the threat was justified.

The alarm around the worm may have helped avert a disaster for some PC users, since they were able to take action and clean up their computers, some experts say. But others fear that the predicted doomsday scenarios followed by a non-event may cause PC users to become complacent about security alerts.

Kama Sutra, also known as Mywife, Nyxem, Blackmal and Grew and given the industry identifier CME-24, was designed to begin overwriting files on infected computers on Friday morning. However, the worm that spread under the guise of pornographic content has caused virtually no damage, according to antivirus makers.

Vincent Weafer, senior director at Symantec Security Response, said: "It has been a non-event. We have been tracking our consumer tech support: less than a handful of people worldwide have called in saying they might be infected."

One Italian city shut down its computers as a precaution after discovering an infection, according to media reports. Otherwise, the time bomb some in the security industry predicted the worm would be just fizzled.

But Kama Sutra was never going to cause mayhem on a large scale, said representatives for McAfee, Symantec and Trend Micro, the world's top three antivirus software makers. All three never raised their alert above "low" or "medium". Yet the level of public alarm generated over the worm was significant.

A McAfee spokeswoman said: "It got a lot of media attention because of the name and the illicit material but it did not get attention from the major antivirus companies. We kept the threat level low."

There was "some hype" fuelled by some in the security industry that published high infection numbers, Symantec's Weafer said. "You have to be very balanced in your alerts. Some were throwing out crazy numbers and talking about this as if it was going to be a global attack. It was never going to be that."

Antivirus company F-Secure, for example, on Thursday displayed a map of the world on its website that suggested there was a large-scale infection around the globe.

The danger of hype is that PC users will become complacent about security alerts and not take any action the next time around, Weafer said. "You don't want consumers to say: 'This one was nothing, why would I care about the next one.'"

But others say the alarm over Kama Sutra was warranted.

Ken Dunham, the director of rapid response at iDefense, said: "The reality is that there could have been hundreds of thousands of computers with overwritten files today. Instead, we only have a handful of reports, and that is a hands-down victory for the collaborative effort of the security community."

At F-Secure, experts aren't convinced the Kama Sutra attack is over.

Mikko Hypponen, F-Secure's chief research officer, said in a blog posting on Friday: "[The] vast majority of the machines infected... are home computers. Nothing will happen on them until people get home from work and boot up their machines. We'd like to think that they whole problem was avoided and everybody cleaned up their machines in time. But unfortunately, that's probably not true."

Meanwhile, McAfee, Symantec and Trend Micro say Kama Sutra has come and gone. Still, PC users should keep their antivirus software up to date to be protected against possible variants.

Joris Evers writes for CNET News.com