This graph records the number of Sobig.F e-mail viruses
received per hour by me personally at my Harvard address.
You can see both the daily variation and the weekly variation
as machines are turned off each at night and on weekends.
You can also see the clear cutoff on September 10 when the
virus was hard-coded to stop propagating. This represents
over 40,000 virus-laden messages (not counting the countless
bounces of spoofed viruses).
My conclusion from this data is that the majority of systems that were infected by the virus remain infected. There is some decline in the arrival rate with time, but the peak rates at the end of the period are comparable to the peaks at the start. Since we know that Sobig installs a backdoor, this clearly leaves open the possibility of a massive DDOS attack in the future.
[Home]
[Anderson Group]
Copyright © 2003 Norton Allen