The number of infections has fallen dramatically since Friday’s peak when more than 9,000 computers were being hit per hour. Earlier on Monday, Chinese traffic police and schools reported they had been targeted as the attack rolled into Asia for the new work week, but no there were no major disruptions.

Authorities in Europe and the United States turned their attention to preventing hackers from spreading new versions of the virus.

Shares in firms that provide cyber security services rose sharply, led by Israel’s Cyren Ltd (CYRN.O) and U.S.-based FireEye (FEYE.O).

Cisco Systems (CSCO.O) closed up 2.3 percent and was the second-biggest gainer in the Dow Jones Industrial Average, as investors focused more on opportunities that the attack presented for technology firms than the risk it posed to corporations.

Morgan Stanley, in upgrading the stock, said Cisco should benefit from network spending driven by security needs.

POLITICAL TOPIC

Beyond the immediate need to shore up computer defenses, the attack turned cyber security into a political topic in Europe and the United States, including discussion of the role national governments play.

In a blog post on Sunday, Microsoft Corp (MSFT.O) President Brad Smith confirmed what researchers already widely concluded: The attack made use of a hacking tool built by the U.S. National Security Agency (NSA) that had leaked online in April.

He poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - against sharing those flaws with technology companies to better secure the internet.

On Monday, Bossert sought to distance the NSA from any blame.