Abstract: Worm propagation profiles have changed significantly
since 2003-2004: sudden worldwide outbreaks like Blaster or Slammer
have progressively disappeared, and slower but stealthier worms
have appeared since, most of them for botnet dissemination. Decreased
worm virulence makes detection more difficult.
In this paper, we describe a stealth worm propagation model
which has been extensively simulated and analysed on a huge virtual
network. The main feature of this model is its ability to infect any
Internet-like network in a few seconds, whatever its size, while
greatly limiting the overhead of reinfection attempts on already infected
hosts. The main simulation results show that the combinatorial
topology of routing may have a huge impact on worm propagation
and thus that some servers play a more essential and significant role than
others. The real-time capability to identify them may be essential to
greatly hinder worm propagation.