[unisog] CAIDA paper on CodeRed worm
William C Beegle
beegle at andrew.cmu.edu
Fri Jul 27 15:19:35 GMT 2001
On Wed, 25 Jul 2001, Lucy E. Lynch wrote:
> Note also that identifiable .edu addresses comprised less then 3%
> of the known compromised hosts ...
It's important to keep that number in perspective. According to the above
URL, roughly 6 .com hosts were infected for every .edu host, but that
doesn't account for the number of IIS machines in each domain. A .com
site is more likely to run IIS , and there are a lot more .com web
servers than there are .edu servers .
So, if we in .edu have 1/6 as many IIS hosts as .com (A guess chosen to
make the math easy.), we had approximately the same percentage of machines
compromised as .com.
Netcraft seems to dump .edu into "Other", so exact numbers aren't possible
with this report.
More information about the unisog