Berkeley’s computer science department has provided yet another breakdown of last week’s SQL Server worm, this one more epidemiological than technical. One of the most impressive parts of the report is a Wargames-like graphic that shows the reach of the worm in its first 30 minutes of life; there are also good graphs showing both the packet traffic generated by the worm and the rapid decline in its traffic as system and network administrators responded. (Something that particularly interests me is that the traffic analysis was done in a “tarpit” network — a network that’s used only to collect data on incoming, unrequested packets like those used in virus or worm attacks — at the University of Wisconsin Advanced Internet Lab.) One of the big lessons to take from the data is that, with a rate of spread that quick and a penetration into networks that deep, a more malevolent worm could cause a hell of a lot of damage.