
Measuring Worm Activity

Some data from Kamal, using Hogwash on a /28 network for an extended period of time. "Data is taken from an IPS (Feb to Jun, 2004) where Nachi (aka cyberkit) and SQLslammer were blocked. It is interesting to note that both worms carried a payload which, during its peak activity, led to congested networks. Another point that is interesting to note is that there are still a lot of vulnerable and active machines out there. Slammer pretty much remains constant, an average of 40 packets per day. Nachi's ping is going down quickly, and there is a line due to its due date, 1 Jan, 2004."

Note that Nachi's activity was supposed to stop on any infected host after January 1, 2004. However, this requires a restart, as the date check is done only at worm binary startup.

July 14, 2004 in tools