Security analysts say while the Neroma worm, which plays on fears surrounding the Sep. 11 date, poses little threat, they are alert for increased virus trouble this week.

Neroma, also known as Icebut, is a mass-mailing worm that spreads via the addresses it culls out of the address books in infected computers. The subject line reads: It's near 9/11. But the message reads: Nice butt baby. It also sports an executable attachment.

Security analysts at both Sophos, Inc. and Central Command, Inc. say Neroma has caused little trouble so far. The worm, though, has caused concern because of its reference to Sep. 11.

''I guess the reason why Neroma was initially released as an advisory was to start advising people to be prepared for the Sep. 11 based viruses,'' says Steven Sundermeier, vice president of products and services at Central Command, an anti-virus company based in Medina, Ohio. ''Since the Sep. 11 attacks, it has been one of the most highly targeted virus dates. It's an enticing, easily targeted date. When I say date, I mean on or about or around.''

As analysts wait to see if the Sep. 11 anniversary draws fire from the virus and hacker communities, they're also waiting to see what the next move is from the author of the destructive Sobig virus family.

The last Sobig variant, Sobig-F, wreaked havoc on businesses around the world last month. It's now considered the fastest-spreading virus in the industry's industry, as well as one of the most costly viruses on record. Mi2g, a digital risk assessment company based in London, reports that Sobig-F caused $29.7 billion worth of economic damages. Thanks largely to that, August has gone down in the books as the worst month in history for digital attacks. Last month, viruses, along with overt and covert hacker attacks, caused $32.8 billion in economic damages.

What is worrying security experts now is that Sobig-F is about to hit its own deadline. As of Sep. 10, the virus will stop spreading itself across the Internet. And historically, one Sobig variant has always followed another, each new variant building on the base of infected computers and building on the damage caused by the last one.

That leaves the security industry wondering when the next Sobig variant will arrive and what kind of damage it will wreak.

''We wouldn't be surprised if it came out in the near future,'' says Chris Belthoff, a security analyst with Sophos, an anti-virus company based in Lynfield, Mass. ''Our posture is: Hope for the best. Expect the worst.''