Sophos的には「SophosLabs’ investigation indicates the first infections Friday appeared in India, Hong Kong and the Philippines. The findings of south-east Asian origin are in sync with that of other research organizations, such as Nominum」らしい。東南アジアでは無いかとの見立て。ただし、KILLスイッチ投入後の話と思われる。