The Log4j vulnerability appears to have been overhyped by the infosec industry, with nothing like the scale of attacks expected materialising.

The flaw, an unauthenticated remote code exploit, allows the complete takeover of systems using versions 2.0-beta9 up to 2.14.1 of the library Log4j.

Well-known British security researcher Marcus Hutchins was one of those to throw cold water on some of the hype, pointing out that what was rumoured to be a Log4j worm did not work at all.

"I've reverse engineered this supposed Log4j worm and it doesn't work at all," he said. "There's also several bugs in the code that mean even if they did fix the core failure, it would still be completely ineffective."