CipherTrust reports that, although there has been a "relatively fast-moving" disinfection of machines affected by the virus, five percent of PCs are still thought to host the malware. Of the machines that remain infected, 32 percent reside in Peru, 26 percent in India and 18 percent in the United States, according to CipherTrust.
"Although many machines have been disinfected, we're certainly not out of the woods yet. Many machines may still be infected without their owner's knowledge" said Dmitri Alperovitch, principal research scientist for CipherTrust.
"Thankfully, the amount of media attention regarding the destructiveness and rapid propagation of the worm are accelerating action to block and remove the virus. This is particularly significant for that five percent of infected machines that could potentially be severely impacted on the third of next month."
The Blackworm virus, also known as CME-24, Nyxem.E, Kama Sutra and MyWife, is transmitted via email, and once activated, will overwrite files on the third day of each month. At that time, approximately 30 minutes after an infected system is started, the worm overwrites files on local drives with extensions with the following text "DATA Error (47 0F 94 93 F4 K5)": DOC; XLS; MDB; MDE; PPT; PPS; ZIP; RAR; PDF; PSD; and DMP.