Over 300,000 servers are still vulnerable to the Heartbleed bug, despite severe warnings being made by security researcher Robert David Graham over a month ago.
Over the weekend, Graham found that at least 309,197 servers are still vulnerable, a decrease of only 9,042 from the 318,239 he identified a month back.
Graham worries that smaller businesses aren't patching vulnerable servers because Heartbleed is no longer headline news.
"This indicates people have stopped even trying to patch," he said. "We should see a slow decrease over the next decade as older systems are slowly replaced.
"Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable."
Graham plans to scan again next month, then after six months and then yearly after that in an effort to track the progress of servers being patched.
However, recent scans have suggested that some websites may be blocking his efforts and compromising the accuracy of his study.
"The numbers are a little strange. Last month, I found 28 million systems supporting SSL, but this month I found only 22 million. I suspect the reason is that this time, people detected my Heartbleed 'attacks' and automatically firewalled me before the scan completed," he added.