[3] The worm spread worldwide, becoming particularly prevalent in North America, Europe, and Asia (including China and India).

[4] The worm showed a vulnerability in software distributed with IIS, described in Microsoft Security Bulletin MS01-033 (CVE-2001-0500),[5] for which a patch had become available a month earlier.

Kenneth D. Eichman was the first to discover how to block it, and was invited to the White House for his discovery.

Apache access logs from this time frequently had entries such as these: The worm's payload is the string following the last 'N'.

Due to a buffer overflow, a vulnerable host interpreted this string as computer instructions, propagating the worm.