In my opinion all this guerilla warfare on the internet only has losers, the non-military users of the internet. It is a means to an end, but it only takes so long until someone decides the internet is too dangerous and writes something clever that will destroy the backbone instead of end users. Ok, maybe not that dramatic, but it could make the internet very unusable if left unchecked.
Still, it's interesting how this will be played out. I don't think it's manually installed, that'll only make tracing it easier. I think it uses something they didn't consider and that way still is somewhat stealthy. Either the creators are clever enough to only make it spread to non-bate-files or it has a manual switch that once activated will make it spread or stop spreading. This is more likely when looking at the the figures of which countries are infected. I think they decided to kill the spreading when the target they were after had been compromised. There is also no use for a sophisticated malware application if it won't infect or collect something from other computers, as you might as well take the information yourself and then leave. Furthermore: you'll only make it more suspicious if it only exists on a single network.
And then there is the case why the infections almost always are around the same area of the world. Why focus there?