[unisog] CAIDA paper on CodeRed worm

William C Beegle beegle at andrew.cmu.edu
Fri Jul 27 15:19:35 GMT 2001

On Wed, 25 Jul 2001, Lucy E. Lynch wrote:
> http://www.caida.org/analysis/security/code-red/
> Note also that identifiable .edu addresses comprised less then 3%
> of the known compromised hosts ...

It's important to keep that number in perspective.  According to the above
URL, roughly 6 .com hosts were infected for every .edu host, but that
doesn't account for the number of IIS machines in each domain.  A .com
site is more likely to run IIS [1], and there are a lot more .com web
servers than there are .edu servers [2].

So, if we in .edu have 1/6 as many IIS hosts as .com (A guess chosen to
make the math easy.), we had approximately the same percentage of machines
compromised as .com.

-willie beegle


[2] http://www.netcraft.com/survey/Reports/200106/bydomain/index.html
Netcraft seems to dump .edu into "Other", so exact numbers aren't possible
with this report.

More information about the unisog mailing list