Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
Nyxem Spread in the Americas

The Spread of the Nyxem (or Blackworm or Kama Sutra or MyWife or CME 24) Virus in the Americas in January and early February 2006.

Support for this work was provided by Cisco Systems, NSF, DHS, and CAIDA members.

Cooperative Association for Internet Data AnalysisUniversity of California at San DiegoSan Diego Supercomputer CenterCisco SystemsNational Science FoundationU.S. Department of Homeland Security

Nyxem AnalysisGraphs of Nyxem Spread in all countriesChart with minimum and maximum estimates of Nyxem infections per country


In most countries with significant numbers of computers infected by the Nyxem virus, the infection peaks in the first few days of virus spread. However in many Spanish-speaking countries in the Americas, the virus does not take hold until four days after it has peaked on the other continents and in other countries in North America in which Spanish is not the dominant language.

This effect is most prominent in Peru, although it is visible as either the primary peak in infection rate, or a new surge in infections, in most Spanish-speaking countries in the Americas. The timing of the second infection peak is otherwise unusual, as it coincides with a weekend -- typically a quieter period in virus spread as people engage in recreational activities away from computers.

The infected population in Peru is highly unusual -- it's peak rate is an order of magnitude larger than that of other countries in the region. Despite significant investigation in search of specific anomalies that could represent denial-of-service attacks or other activity causing non-virus-related hits on the website used to track the progress of the virus.

Spain, a Spanish-speaking country outside the Americas, shows an infection peak in the first two days of virus spread, as is typical for most other countries with significant infected populations. Brazil, a Portuguese-speaking country in South America also shows the typical infection pattern with an early peak, leading us to wonder if a Spanish-language variant of the worm was released four days after the initial version. It is also possible that this unique pattern is an artifact of the normal person-to-person spread of the email virus. The United States and Canada show the typical infection peak in the first two days of virus spread.



About the Authors:

David Moore is the Technical Director of CAIDA and Ph.D. Candidate in the UCSD Computer Science Department. Colleen Shannon is a Senior Security Researcher at the Cooperative Association for Internet Data Analysis (CAIDA) at the San Diego Supercomputer Center (SDSC) at the University of California, San Diego (UCSD). David and Colleen also run the UCSD Network Telescope. The Network Telescope and associated security efforts are a joint project of the UCSD Computer Science and Engineering Department and the Cooperative Association for Internet Data Analysis.

This work was sponsored by:

Cooperative Association for Internet Data AnalysisUniversity of California at San DiegoSan Diego Supercomputer CenterCisco SystemsNational Science FoundationU.S. Department of Homeland Security
Grants from Cisco Systems, the National Science Foundation (NSF), the Department of Homeland Security (DHS), and CAIDA members.

  Last Modified: Tue May-15-2018 14:18:50 PDT
  Page URL: http://www.caida.org/research/security/blackworm/graphs/countries/americas.xml