The RPC Worm Victim List has a list [.txt] of hundreds machines and they are mainly Windows XP machines (MSIE 6.0 or MSIE7.0; Windows NT 5.1 in browser’s user agent).
I made a script to generate WHOIS queries and the results say that the victim machines are located mainly in Australia, China, Philippines, India, Japan, Korea, Malta, Malaysia, Taiwan, and Vietnam. There are only some machines in France, UK, and USA.
It’s very interesting that there is an IP from Microsoft too – a Wget machine with IP address 220.127.116.11. The Wget version is 1.10.2.
OrgName: Microsoft Corp
Address: One Microsoft Way
NetRange: 18.104.22.168 – 22.214.171.124
There are several Wget UA’s included, one with the version number Wget/1.8.2 too.
I recommend that Redmon guys patch that machine ASAP 😉