NEWS FROM THE LAB - Sunday, March 28, 2004

Witty once more Posted by Mikko @ 21:40 GMT

CAIDA has released an interesting paper on the Spread of the Witty worm. Their analysis shows several interesting facts, including that the worm apparently infected 12 000 computers, and that it was mostly likely spread using a hitlist.

I would think the figure of 12 000 infected computers is on the low side. Many of the infected machines managed to corrupt themselves almost instantly, before they had much chance to make themselves "visible" to the net. Also, many infected computers were behind other firewalls, which could have prevented them from scanning others. And there are several unconfirmed reports citing fairly large internal infections in corporate environments.

CAIDA is also the home of one of the all-time-favourites: a world map MOV animation showing 24 hours of the spread of the Code Red worm in July 2001.