I suspect they use approximations. Apparently China received quite a few
hits located in the center, which doesn't jibe with my understanding that
much of the high tech development is occuring near the coast.
A nasty possibility for a similar worm in the future is to use one as a
means of detecting unlicensed copies of the target OS.
Assuming the Internet is scale-free, in principle one could contain the
spread by taking down several key nodes, but obviously at the expense of
major disruption on the Internet. (And I finally have a URL to show.)
It would be interesting to see if the infection profile further supports
the hypothesis that the Internet is scale-free.
On Fri, 27 Jul 2001, Barry Wellman wrote:
> Geoffrey's idea is a good one. I'd like to know where the data come from
> for geographical spread -- always a tough one on the Internet with the
> place-less .coms [...]
> Barry Wellman Professor of Sociology NetLab Director
> [log in to unmask] http://www.chass.utoronto.ca/~wellman
> Centre for Urban & Community Studies University of Toronto
> 455 Spadina Avenue Toronto Canada M5S 2G8 fax:+1-416-978-7162
> On Fri, 27 Jul 2001, Geoffrey Williams wrote:
> > Date: Fri, 27 Jul 2001 07:15:32 -0700
> > From: Geoffrey Williams <[log in to unmask]>
> > To: [log in to unmask]
> > Subject: The Spread of the Code-Red Worm (CRv2)
> > A really interesting look at the spread of a virus -
> > apparently the nature of this one allowed the authors
> > to pinpoint the time of infection for a large number
> > of hosts. [...]
> > Unfortunately, there's very little explicit analysis
> > of the network issues. It would be interesting to add
> > some socnet issues to the work shown here.
> > http://www.caida.org/analysis/security/code-red/
> > Geoffrey Williams