I suspect they use approximations.  Apparently China received quite a few
hits located in the center, which doesn't jibe with my understanding that
much of the high tech development is occuring near the coast.

A nasty possibility for a similar worm in the future is to use one as a
means of detecting unlicensed copies of the target OS.

Assuming the Internet is scale-free, in principle one could contain the
spread by taking down several key nodes, but obviously at the expense of
major disruption on the Internet.  (And I finally have a URL to show.)

It would be interesting to see if the infection profile further supports
the hypothesis that the Internet is scale-free.


On Fri, 27 Jul 2001, Barry Wellman wrote:
> Geoffrey's idea is a good one. I'd like to know where the data come from
> for geographical spread -- always a tough one on the Internet with the
> place-less .coms [...]
>   Barry Wellman        Professor of Sociology       NetLab Director
>   [log in to unmask]
>   Centre for Urban & Community Studies        University of Toronto
>   455 Spadina Avenue   Toronto Canada M5S 2G8   fax:+1-416-978-7162
>  ___________________________________________________________________
> On Fri, 27 Jul 2001, Geoffrey Williams wrote:
> > Date: Fri, 27 Jul 2001 07:15:32 -0700
> > From: Geoffrey Williams <[log in to unmask]>
> > To: [log in to unmask]
> > Subject: The Spread of the Code-Red Worm (CRv2)
> >
> > A really interesting look at the spread of a virus -
> > apparently the nature of this one allowed the authors
> > to pinpoint the time of infection for a large number
> > of hosts. [...]
> >
> > Unfortunately, there's very little explicit analysis
> > of the network issues. It would be interesting to add
> > some socnet issues to the work shown here.
> >
> >
> >
> > Geoffrey Williams